From owner-freebsd-hackers Tue May 6 15:18:15 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id PAA08823 for hackers-outgoing; Tue, 6 May 1997 15:18:15 -0700 (PDT)
Received: from mail.vlsi.fi (So2SRbhe/irw6ywYp7JxmL/JWwesJCY3@mail.vlsi.fi [195.74.10.147]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id PAA08799; Tue, 6 May 1997 15:18:07 -0700 (PDT)
Received: (from smap@localhost) by mail.vlsi.fi (8.7.6/8.7.3) id BAA07611; Wed, 7 May 1997 01:17:49 +0300 (EET DST)
Received: from vlsi1.vlsi.fi(193.64.2.2) by mail.vlsi.fi via smap (V1.3) id sma007607; Wed May 7 01:17:31 1997
Received: from layout.vlsi.fi by vlsi1.vlsi.fi with ESMTP (1.37.109.16/16.2) id AA087237050; Wed, 7 May 1997 01:17:30 +0300
Received: by layout.vlsi.fi (1.37.109.15/16.2) id AA231777049; Wed, 7 May 1997 01:17:29 +0300
Date: Wed, 7 May 1997 01:17:29 +0300
Message-Id: <199705062217.AA231777049@layout.vlsi.fi>
From: Ville Eerola
To: Darren Reed
Cc: archie@whistle.com (Archie Cobbs), nnd@info.itfs.nsk.su, current@FreeBSD.ORG, hackers@FreeBSD.ORG
Subject: Re: divert still broken?
In-Reply-To: <199705060040.RAA01598@hub.freebsd.org>
References: <199705051812.LAA05845@bubba.whistle.com> <199705060040.RAA01598@hub.freebsd.org>
X-Mailer: VM Version 5.93 (beta) under GNU Emacs 19.29.6
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

Darren Reed writes:
> In some mail from Archie Cobbs, sie said:
[cut cut]
> > - When a reject rule applies to an incoming TCP packet, send
> >   the appropriate TCP response packet (ie., RST) instead of an
> >   ICMP port unreachable.
>
> I think you want to make this user configurable and perhaps on a per-rule
> basis.

Yes. This is one of the good points of IP Filter. It allows you to send
many kinds of responses to the packets rejected. This way you can tailor
the firewall responses for different purposes.
This kind of configurable response would be a nice addition to ipfw.

Regards, Ville
--
Ville.Eerola@vlsi.fi    VLSI Solution Oy
Tel:+358 3 3165579      Hermiankatu 6-8 C
Fax:+358 3 3165220      FIN-33720 Tampere, Finland