[Shorewall-users] reject with tcp rst

Tom Eastep teastep@shorewall.net
Mon, 7 Jan 2002 07:04:42 -0800

On Monday 07 January 2002 06:54 am, Tom Eastep wrote:
> On Monday 07 January 2002 06:29 am, Riccardo Valente wrote:
> > Is it possible to specify the action taken on reject? I believe netfilter
> > sends an ICMP "destination unreachable" message, but I'd like to
> > configure shorewall to reject TCP connections to specific ports using a
> > TCP RST packet. Any idea?
> The later versions of Shorewall already do that (unless you've found a =
> that I missed).

I DID miss the case of a REJECT policy (such as usually found in the all2=
chain). I've placed a corrected firewall script at:


Place the script in the location pointed to by the symbolic link

Tom Eastep    \ A Firewall for Linux 2.4.*
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net