[Shorewall-users] Rule to set Iptables with
teastep at shorewall.net
Sun Mar 14 18:25:43 PST 2004
Tom Eastep wrote:
> On Sunday 14 March 2004 05:26 pm, Salvatore wrote:
>>It is possible to set a Shorewall rule to obtain an iptables rule like:
>>iptables -A INPUT -p tcp --dport 80 -j REJECT --reject-with tcp-reset
>>It's important to have the "--reject-with tcp-reset"
> Just make sure that your REJECT rule specifies protocol = tcp
Actually that isn't true -- any rejected TCP packet will be rejected
with tcp-reset. That having been said, the number of recent 2.4 kernels
with working tcp-reset are few....
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep at shorewall.net