Date:      Wed, 22 Jul 1998 09:55:31 +1000 (EST)
From:      "Daniel O'Callaghan" <danny@hilink.com.au>
To:        Johann Visagie <wjv@cityip.co.za>
Cc:        Philippe Regnauld <regnauld@deepo.prosa.dk>, security@FreeBSD.ORG
Subject:   Re: ipfw & icmp question
Message-ID:  <Pine.BSF.3.96.980722095357.3826C-100000@enya.hilink.com.au>
In-Reply-To: <19980721142451.A4361@cityip.co.za>



On Tue, 21 Jul 1998, Johann Visagie wrote:

> On Sat, 30 May 1998 at 23:48 SAT, Philippe Regnauld wrote:
> > 
> > I am a bit puzzled regarding the following situation:
> > 
> > I have a machine with IPFW set up to send "port unreachable" if
> > a connection attempt is made on port 113/TCP (identd).  The policy
> > is default deny.  Here is what happens when I do "telnet host 113"
> 
> Sorry, can't help you with that one.  I just allow queries to 113/tcp and
> make sure there's nothing running on the port.  *shrug*

Don't send port unreachable.  FreeBSD sees that as a temporary failure.
Send a TCP RST using "ipfw add rule# reset tcp from any to any 113"

Danny

