From owner-freebsd-hackers Thu Aug 22 06:55:10 1996
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id GAA15960 for hackers-outgoing; Thu, 22 Aug 1996 06:55:10 -0700 (PDT)
Received: from starfire.mn.org (root@starfire.skypoint.net [199.86.32.187]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id GAA15949 for ; Thu, 22 Aug 1996 06:55:03 -0700 (PDT)
From: john@starfire.mn.org
Received: (from john@localhost) by starfire.mn.org (8.6.12/1.1) id IAA19336 for hackers@FreeBSD.org; Thu, 22 Aug 1996 08:54:52 -0500
Message-Id: <199608221354.IAA19336@starfire.mn.org>
Subject: ICMP REJECT and telnet with FreeBSD
To: hackers@FreeBSD.org (FreeBSD hackers)
Date: Thu, 22 Aug 1996 08:54:51 -0500 (CDT)
X-Mailer: ELM [version 2.4 PL25]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-hackers@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

Please include me in any replies, as I no longer subscribe to this list.

Having just had a fantastic time using ipfw to set up firewalling with a FreeBSD 2.1.5-R machine (great job, to all concerned!), I discovered a "quirk" with regard to telnet.

I set up the firewall to "reject" instead of "deny" unauthorized TCP setups, and allowed ICMP so that these rejects could be communicated. This works as expected with SCO ODT, SunOS, and UnixWare 2.03 in that the reject is immediately detected and reported by telnet, but when attempting to connect from an unauthorized FreeBSD machine, either 2.1.0-R or 2.1.5-R, telnet takes just as long to report the reject as it would the timeout if I had used "deny" instead of "reject" (one minute, 14 seconds, and some change).

Is this a design feature, a desired behavior, or something that merits further investigation, either by me or someone else?

Please include me in any replies, as I no longer subscribe to this list.

John Lind, Starfire Consulting Services
E-mail: john@starfire.MN.ORG
USnail: PO Box 17247, Mpls MN 55417