This is a discussion on Re: return-rst for outgoing tcp connections? within the IPFilter forums, part of the System Security and Security Related category.
Wolf Geldmacher wrote:
>>
>> block out log quick on tun7 proto tcp from any to any port = 23 flags S/SAFR
>>
>>
>> bash-2.05b# telnet 10.10.10.10
>> Trying 10.10.10.10...
>> telnet: connect to address 10.10.10.10: No route to host
>> bash-2.05b#
>>
>> Larry.
>
> I inserted the line you suggested (replacing the interface by my hme0 ;-)
> but it does not change the timeout behaviour for me at all, i.e. I still
> have to wait 3 minutes+.
>
> Maybe I should add that the machine I try to prevent access to in fact
> does exist and routing is set up to it? If I try to connect to a
> non-existing IP I get the same behaviour you get (and fast), but this is
> independent of the ipf configuration.
>

If you are attempting to make the telnet connection coming in on one interface and going out on hme0, do you have a rule to permit the Telnet session on the other interface and if so does it keep state?

Larry.