Date: Thu, 29 Nov 2001 20:04:43 +0100
From: Gerhard Sittig <Gerhard.Sittig@gmx.net>
To: freebsd-security@freebsd.org
Subject: Re: ipf return-rst
Message-ID: <20011129200441.D21918@shell.gsinet.sittig.org>
In-Reply-To: <3C056986.163131B9@centtech.com>; from anderson@centtech.com on Wed, Nov 28, 2001 at 04:47:34PM -0600
References: <3C056986.163131B9@centtech.com>

On Wed, Nov 28, 2001 at 16:47 -0600, Eric Anderson wrote:
>
> I'm trying to figure out why my return-rst lines aren't
> working. Here's a sample of a line:
> block return-rst in quick on xl0 proto tcp from any to
> my.ext.ip/32 port = 23 flags S/SA

Is your my.ext.ip static? If it isn't, I suggest using
0.0.0.0/32 as the IP spec and invoking "ipf -y" in your linkup
script.

Are you the only filter in the path? Have you tried this locally
in a network completely under your control? Check it with the
lo0 interface and your internal NIC first to make sure.

> Both block the connection, but timeout instead of giving the
> "Connection refused" line.

Is this some kind of application retry? Did you use something
like netcat as a frontend and did you check by running tcpdump?


virtually yours   82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76
Gerhard Sittig   true | mail -s "get gpg key" Gerhard.Sittig@gmx.net
--
If you don't understand or are scared by any of the above
ask your parents or an adult to help you.
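
A small probe for the check suggested in the message above, as an added example that is not part of the original e-mail: it makes one TCP connect attempt and reports whether a RST came back ("refused") or the SYN went unanswered ("timeout"). The function names and the loopback test targets are assumptions constructed for illustration.

```python
import errno
import socket
import time


def probe(host, port, timeout=3.0):
    """Try one TCP connect and return (verdict, seconds_elapsed)."""
    start = time.monotonic()
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            verdict = "open"            # SYN/ACK received: nothing blocked the SYN
        except ConnectionRefusedError:
            verdict = "refused"         # RST received: what return-rst should produce
        except (socket.timeout, TimeoutError):
            verdict = "timeout"         # no answer: SYN dropped, or the RST was lost
        except OSError as e:            # e.g. EHOSTUNREACH from an ICMP error
            verdict = "error:" + errno.errorcode.get(e.errno, str(e.errno))
    return verdict, time.monotonic() - start


def loopback_port(listening):
    """Constructed test target on 127.0.0.1: returns (socket_or_None, port)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))            # kernel picks a free port
    port = s.getsockname()[1]
    if listening:
        s.listen(1)
        return s, port
    s.close()                           # port is now closed: kernel answers with RST
    return None, port


if __name__ == "__main__":
    srv, open_port = loopback_port(True)
    _, closed_port = loopback_port(False)
    for label, port in (("listening", open_port), ("closed", closed_port)):
        verdict, secs = probe("127.0.0.1", port)
        print(f"{label:9s} port {port}: {verdict} after {secs:.2f}s")
    srv.close()
```

Run against the filtered address while tcpdump captures on the filtering host: a "timeout" verdict together with a RST visible in the capture points at something further along the path discarding the reply.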