Date:      Thu, 29 Nov 2001 20:04:43 +0100
From:      Gerhard Sittig <Gerhard.Sittig@gmx.net>
To:        freebsd-security@freebsd.org
Subject:   Re: ipf return-rst
Message-ID:  <20011129200441.D21918@shell.gsinet.sittig.org>
In-Reply-To: <3C056986.163131B9@centtech.com>; from anderson@centtech.com on Wed, Nov 28, 2001 at 04:47:34PM -0600
References:  <3C056986.163131B9@centtech.com>

On Wed, Nov 28, 2001 at 16:47 -0600, Eric Anderson wrote:
> 
> I'm trying to figure out why my return-rst lines aren't
> working. Here's a sample of a line:
> block return-rst in quick on xl0 proto tcp from any to
> my.ext.ip/32 port = 23 flags S/SA

Is your my.ext.ip static?  If it isn't, I suggest using 0.0.0.0/32
as the IP spec and invoking "ipf -y" in your linkup script.

Are you the only filter in the path?  Have you tried this locally
in a network completely under your control?  Check it with the lo0
interface and your internal NIC first to make sure.

> Both block the connection, but timeout instead of giving the
> "Connection refused" line.

Is this some kind of application retry?  Did you use something
like netcat as a frontend and did you check by running tcpdump?


virtually yours   82D1 9B9C 01DC 4FB4 D7B4  61BE 3F49 4F77 72DE DA76
Gerhard Sittig   true | mail -s "get gpg key" Gerhard.Sittig@gmx.net
-- 
     If you don't understand or are scared by any of the above
             ask your parents or an adult to help you.
