[Shorewall-users] reject with tcp rst

Tom Eastep teastep@shorewall.net
Mon, 7 Jan 2002 07:04:42 -0800


On Monday 07 January 2002 06:54 am, Tom Eastep wrote:
> On Monday 07 January 2002 06:29 am, Riccardo Valente wrote:
> > Is it possible to specify the action taken on reject? I believe netfilter
> > sends an ICMP "destination unreachable" message, but I'd like to
> > configure shorewall to reject TCP connections to specific ports using a
> > TCP RST packet. Any idea?
>
> The later versions of Shorewall already do that (unless you've found a case
> that I missed).

I DID miss the case of a REJECT policy (such as usually found in the all2all
chain). I've placed a corrected firewall script at:

    ftp://ftp.shorewall.net/pub/shorewall/errata/1.2.2/firewall

Place the script in the location pointed to by the symbolic link
/etc/shorewall/firewall.

-Tom
--
Tom Eastep    \ A Firewall for Linux 2.4.*
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net
-------------------------------------------