Date: Thu, 22 Aug 1996 08:54:51 -0500 (CDT)
From: john@starfire.mn.org
To: hackers@FreeBSD.org (FreeBSD hackers)
Subject: ICMP REJECT and telnet with FreeBSD
Message-ID: <199608221354.IAA19336@starfire.mn.org>
Please include me in any replies, as I no longer subscribe to this list.

Having just had a fantastic time using ipfw to set up firewalling with a FreeBSD 2.1.5-R machine (great job, to all concerned!), I discovered a "quirk" with regard to telnet.

I set up the firewall to "reject" instead of "deny" unauthorized TCP setups, and allowed ICMP so that these rejects could be communicated. This works as expected with SCO ODT, SunOS, and UnixWare 2.03 in that the reject is immediately detected and reported by telnet, but when attempting to connect from an unauthorized FreeBSD machine, either 2.1.0-R or 2.1.5-R, telnet takes just as long to report the reject as it would the timeout if I had used "deny" instead of "reject" (one minute, 14 seconds, and some change).

Is this a design feature, a desired behavior, or something that merits further investigation, either by me or someone else?

Please include me in any replies, as I no longer subscribe to this list.

John Lind, Starfire Consulting Services
E-mail: john@starfire.MN.ORG
USnail: PO Box 17247, Mpls MN 55417
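One way to measure, from any client, how a firewall's "reject" or "deny" is actually reported by that client's TCP stack. This is an added example, not part of the original message; the names `probe` and `classify` are hypothetical, and the 90-second timeout is an assumption chosen to exceed the one minute 14 seconds reported above so that the stack's own connect timer fires first.

```python
import errno
import socket
import time

# errno values grouped by what the client's TCP stack reported to connect().
REFUSED = {errno.ECONNREFUSED}                          # a TCP RST came back
UNREACHABLE = {errno.EHOSTUNREACH, errno.ENETUNREACH}   # an ICMP unreachable was surfaced


def classify(err):
    """Map a connect() result (0 = success, None = timed out) to a label."""
    if err == 0:
        return "connected"
    if err is None or err == errno.ETIMEDOUT:
        return "timeout"
    if err in REFUSED:
        return "refused"
    if err in UNREACHABLE:
        return "unreachable"
    return "other:" + errno.errorcode.get(err, str(err))


def probe(host, port, timeout=90.0):
    """Attempt one TCP connect and return (label, seconds_elapsed).

    The elapsed time is the interesting part: a stack that acts on the
    ICMP message at once fails in well under a second, while a stack that
    keeps retransmitting the SYN fails only when its connect timer expires.
    """
    start = time.monotonic()
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            err = 0
        except socket.timeout:
            err = None
        except OSError as e:
            err = e.errno if e.errno is not None else -1
    return classify(err), time.monotonic() - start


if __name__ == "__main__":
    import sys
    label, secs = probe(sys.argv[1], int(sys.argv[2]))
    print(f"{sys.argv[1]}:{sys.argv[2]} -> {label} after {secs:.1f}s")
```

Run it from each client operating system against the filtered port and compare both the label and the elapsed time between the "reject" and "deny" rule.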