Date: Sun, 31 May 1998 13:22:39 +1000 (EST)
From: "Daniel O'Callaghan" <danny@panda.hilink.com.au>
To: Philippe Regnauld <regnauld@deepo.prosa.dk>
Cc: security@deepo.prosa.dk, freebsd-net@FreeBSD.ORG
Subject: Re: ipfw & icmp question
Message-ID: <Pine.BSF.3.91.980531131949.411K-100000@panda.hilink.com.au>
In-Reply-To: <19980530234807.14632@deepo.prosa.dk>

On Sat, 30 May 1998, Philippe Regnauld wrote:

> [crossposting to -net and -security -- shoot me if necessary]
>
> I am a bit puzzled regarding the following situation:
>
> I have a machine with IPFW setup to send "port unreachable" if
> a connection attempt is made on port 113/TCP (identd). The policy
> is default deny. Here is what happens when I do "telnet host 113"

Poul-Henning had a good explanation of why FreeBSD does not immediately
believe a port-unreach packet, but I can't remember it. The simplest is
to send what the kernel would if you let the packet through - TCP RST.

    ipfw add X reset tcp from any to any 113

Danny

/* Daniel O'Callaghan */
/* HiLink Internet <http://www.hilink.com.au/> danny@hilink.com.au */
/* FreeBSD - works hard, plays hard... danny@freebsd.org */

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
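
To check from a client whether a filtered port such as 113/TCP now answers with an immediate refusal (the TCP RST the message recommends) instead of leaving the client to retry, the probe below classifies one connection attempt and times it. It is an added example, not part of the original message; the function names, verdict labels and the loopback self-check are constructed for illustration.

```python
import errno
import socket
import time

def probe_tcp(host, port, timeout=5.0):
    """Make one TCP connect attempt; return (verdict, seconds elapsed)."""
    start = time.monotonic()
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        verdict = "open"
    except socket.timeout:
        # Nothing the client stack acted on arrived before the timeout:
        # packets silently dropped, or an ICMP error it did not treat as final.
        verdict = "no-answer"
    except ConnectionRefusedError:
        # What a RST produces. Assumption: some client stacks also report
        # ECONNREFUSED for an ICMP port-unreachable, so check the delay too.
        verdict = "refused"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            verdict = "unreachable"
        else:
            verdict = "error:" + errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        s.close()
    return verdict, time.monotonic() - start

def self_check():
    """Constructed loopback sample: one listening port and one closed port."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))      # reserve a port number, then release it
    closed_port = spare.getsockname()[1]
    spare.close()
    try:
        open_verdict, _ = probe_tcp("127.0.0.1", open_port)
        closed_verdict, delay = probe_tcp("127.0.0.1", closed_port)
        return open_verdict, closed_verdict, delay
    finally:
        listener.close()

if __name__ == "__main__":
    print(self_check())
```

Run `probe_tcp("host", 113)` from outside the firewall before and after changing the rule; a "refused" verdict with a delay of a few milliseconds is the behaviour a client sees when the packet is let through to a closed port.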