Date: Wed, 7 May 1997 01:17:29 +0300
From: Ville Eerola <ville@vlsi.fi>
To: Darren Reed <avalon@coombs.anu.edu.au>
Cc: archie@whistle.com (Archie Cobbs), nnd@info.itfs.nsk.su, current@FreeBSD.ORG, hackers@FreeBSD.ORG
Subject: Re: divert still broken?
Message-ID: <199705062217.AA231777049@layout.vlsi.fi>
In-Reply-To: <199705060040.RAA01598@hub.freebsd.org>
References: <199705051812.LAA05845@bubba.whistle.com> <199705060040.RAA01598@hub.freebsd.org>

Darren Reed writes:
> In some mail from Archie Cobbs, sie said:
[cut cut]
> > - When a reject rule applies to an incoming TCP packet, send
> >   the appropriate TCP response packet (ie., RST) instead of an
> >   ICMP port unreachable.
>
> I think you want to make this user configurable and perhaps on a per-rule
> basis.

Yes. This is one of the good points of IP Filter. It allows you to send
many kinds of responses to the packets rejected. This way you can tailor
the firewall responses for different purposes. This kind of configurable
responses would be a nice addition to ipfw.

Regards,
Ville
--
Ville.Eerola@vlsi.fi    VLSI Solution Oy
Tel:+358 3 3165579      Hermiankatu 6-8 C
Fax:+358 3 3165220      FIN-33720 Tampere, Finland
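
An added illustration, not part of the original message and not ipfw or IP Filter source: a simplified C model of the per-rule reject response discussed in the thread, choosing between a silent drop, an ICMP port unreachable and a TCP RST built with the RFC 793 sequence/acknowledgment rules. The enum names, struct layouts and the ICMP fallback for non-TCP packets under a RST rule are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed model for illustration; all names here are hypothetical. */
enum reject_mode { REJ_DROP, REJ_ICMP_UNREACH, REJ_TCP_RST };  /* set per rule */
enum reply_kind  { REPLY_NONE, REPLY_ICMP_PORT_UNREACH, REPLY_TCP_RST };

#define TH_FIN 0x01
#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_ACK 0x10

struct pkt {                 /* the fields of the rejected packet we need */
    uint8_t  proto;          /* 1 = ICMP, 6 = TCP, 17 = UDP */
    bool     icmp_error;     /* packet is itself an ICMP error message */
    uint8_t  th_flags;       /* TCP flags, valid when proto == 6 */
    uint32_t seq, ack;       /* TCP sequence / acknowledgment numbers */
    uint32_t payload_len;    /* TCP payload bytes */
};
struct reply { enum reply_kind kind; uint8_t th_flags; uint32_t seq, ack; };

struct reply reject_reply(enum reject_mode mode, const struct pkt *p)
{
    struct reply r = { REPLY_NONE, 0, 0, 0 };

    /* Silent drop; also never answer an ICMP error with an error (RFC 1122). */
    if (mode == REJ_DROP || (p->proto == 1 && p->icmp_error))
        return r;
    if (mode == REJ_TCP_RST && p->proto == 6) {
        if (p->th_flags & TH_RST)        /* never reset a reset */
            return r;
        r.kind = REPLY_TCP_RST;
        if (p->th_flags & TH_ACK) {      /* RFC 793: SEQ = SEG.ACK */
            r.th_flags = TH_RST;
            r.seq = p->ack;
        } else {                         /* SEQ = 0, ACK = SEG.SEQ + SEG.LEN */
            r.th_flags = TH_RST | TH_ACK;
            r.ack = p->seq + p->payload_len
                  + ((p->th_flags & TH_SYN) ? 1 : 0)   /* SYN and FIN each */
                  + ((p->th_flags & TH_FIN) ? 1 : 0);  /* occupy one number */
        }
        return r;
    }
    /* ICMP rule, or RST rule on a non-TCP packet (assumed fallback). */
    r.kind = REPLY_ICMP_PORT_UNREACH;
    return r;
}
```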