This is a discussion on Re: return-rst for outgoing tcp connections? within the IPFilter forums, part of the System Security and Security Related category.
Larry Moore wrote:
> Wolf Geldmacher wrote:
>
>>> block out log quick on tun7 proto tcp from any to any port = 23
>>> flags S/SAFR
>>>
>>> bash-2.05b# telnet 10.10.10.10
>>> Trying 10.10.10.10...
>>> telnet: connect to address 10.10.10.10: No route to host
>>> bash-2.05b#
>>>
>>> Larry.
>>
>> I inserted the line you suggested (replacing the interface by my hme0 ;-) but it does not change the timeout behaviour for me at all, i.e. I still have to wait 3 minutes+.
>>
>> Maybe I should add that the machine I try to prevent access to in fact does exist and routing is set up to it? If I try to connect to a non-existing IP I get the same behaviour you get (and fast), but this is independent of the ipf configuration.
>
> If you are attempting to make the telnet connection coming in on one interface and going out on hme0, do you have a rule to permit the Telnet session on the other interface and if so does it keep state?
>
> Larry.

That's not what I'm trying to do. I'm trying to block outgoing telnet connections from my machine with a fast timeout, regardless of the interface (of which I only have one (besides loopback, which I'm not concerned about)).