Date: Mon, 5 May 1997 21:14:57 -0700 (PDT)
From: Archie Cobbs <archie@whistle.com>
To: danny@panda.hilink.com.au (Daniel O'Callaghan)
Cc: current@FreeBSD.ORG, hackers@FreeBSD.ORG
Subject: Re: divert still broken?
Message-ID: <199705060414.VAA11171@bubba.whistle.com>
In-Reply-To: <Pine.BSF.3.91.970506130122.4479h-100000@panda.hilink.com.au> from Daniel O'Callaghan at "May 6, 97 01:04:32 pm"

> > > > - When a reject rule applies to an incoming TCP packet, send
> > > >   the appropriate TCP response packet (ie., RST) instead of an
> > > >   ICMP port unreachable.
> > > >
> > > I think you want to make this user configurable and perhaps on a per-rule
> > > basis.
> >
> > This is only with "reject" -- ie., right now it sends an ICMP unreachable.
> > There's still "deny" which silently drops.
>
> How about
>
> ipfw add 1000 reset tcp from any to foo 23
>
> So the choices are:
> deny : be silent
> reject: send ICMP !H
> reset : send RST

Sounds OK with me.. any body else care to comment?

-Archie

___________________________________________________________________________
Archie Cobbs   *   Whistle Communications, Inc.  *   http://www.whistle.com