firewall, reject: icmp vs. tcp

Herbert Rosmanith (herp@wildsau.idv.uni-linz.ac.at)
Tue, 9 Apr 1996 13:47:20 +0200 (MET DST)


hi,

when I configure a rule to reject tcp/ip traffic to a particular port,
e.g. "ipfwadm -I -a reject -S <source> -D <dest> <port> -P tcp", then
on the host <source> requesting that connection, ICMP packets
arrive saying something like "port unreachable".

unfortunately, some tcp/ip stacks, at least win/NT and w95, do not understand
these icmp packets and continue to try to open a connection until a timeout
occurs.

wouldn't it make sense to send tcp/ip packets with RST=1 in case a
rule that explicitly specifies tcp/ip traffic was configured?

regards, herbert rosmanith
herp@wildsau.idv.uni-linz.ac.at
rosmanith@edvz.uni-linz.ac.at

NB: kernel version 1.3.74
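Added illustration, not part of Herbert's message and not ipfwadm or kernel code: it builds the two kinds of reply a firewall can give to a rejected TCP SYN, the ICMP "port unreachable" that ipfwadm's reject sends and the TCP RST/ACK the message asks for, classifies them the way a client stack would, and models why a stack that ignores the ICMP error keeps retransmitting SYNs until its retry budget runs out. Everything stays in memory; nothing is put on a wire. The addresses, ports, initial sequence number and the retry schedule are constructed sample values, and the helper names are this example's own. (Later Linux firewalls did grow exactly this option: the iptables REJECT target's `--reject-with tcp-reset`.)

```python
"""Two ways to reject a TCP SYN (ICMP port unreachable vs. TCP RST) and the
client-side consequence. Constructed packets only; nothing is transmitted."""
import struct
from socket import inet_aton, inet_ntoa

PROTO_ICMP, PROTO_TCP = 1, 6
TCP_SYN, TCP_RST, TCP_ACK = 0x02, 0x04, 0x10


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words; 0 means 'verifies'."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with its checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                      64, proto, 0, inet_aton(src), inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def tcp_segment(src, dst, sport, dport, seq, ack, flags) -> bytes:
    """20-byte TCP header; checksum covers the IPv4 pseudo-header too."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags,
                      8192, 0, 0)
    pseudo = inet_aton(src) + inet_aton(dst) + struct.pack("!BBH", 0, PROTO_TCP, len(hdr))
    return hdr[:16] + struct.pack("!H", checksum(pseudo + hdr)) + hdr[18:]


def build_syn(client, server, sport, dport, isn) -> bytes:
    """The client's connection request: an IPv4 packet carrying a SYN."""
    seg = tcp_segment(client, server, sport, dport, isn, 0, TCP_SYN)
    return ipv4_header(client, server, PROTO_TCP, len(seg)) + seg


def parse_ip(pkt: bytes):
    """Return (src, dst, proto, payload); reject a corrupted header."""
    ihl = (pkt[0] & 0x0F) * 4
    if checksum(pkt[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    return inet_ntoa(pkt[12:16]), inet_ntoa(pkt[16:20]), pkt[9], pkt[ihl:]


def reject_with_icmp(syn_pkt: bytes) -> bytes:
    """Plain 'reject': ICMP type 3 code 3 (port unreachable), quoting the
    offending IP header plus the first 8 bytes of its payload (the ports)."""
    src, dst, _, _ = parse_ip(syn_pkt)
    icmp = struct.pack("!BBHI", 3, 3, 0, 0) + syn_pkt[:28]
    icmp = icmp[:2] + struct.pack("!H", checksum(icmp)) + icmp[4:]
    return ipv4_header(dst, src, PROTO_ICMP, len(icmp)) + icmp


def reject_with_rst(syn_pkt: bytes) -> bytes:
    """The reply the message asks for: RST/ACK answering the SYN.
    For a SYN, RFC 793 says SEQ=0, ACK=SEG.SEQ+1, flags RST+ACK."""
    src, dst, _, tcp = parse_ip(syn_pkt)
    sport, dport, isn = struct.unpack("!HHI", tcp[:8])
    seg = tcp_segment(dst, src, dport, sport, 0, (isn + 1) & 0xFFFFFFFF,
                      TCP_RST | TCP_ACK)
    return ipv4_header(dst, src, PROTO_TCP, len(seg)) + seg


def classify_reply(syn_pkt: bytes, reply: bytes) -> str:
    """What the client's stack sees come back for its SYN."""
    c_src, c_dst, _, c_tcp = parse_ip(syn_pkt)
    c_sport, c_dport, c_isn = struct.unpack("!HHI", c_tcp[:8])
    r_src, r_dst, proto, payload = parse_ip(reply)
    if (r_src, r_dst) != (c_dst, c_src):
        return "unrelated"
    if proto == PROTO_ICMP and payload[0] == 3 and payload[1] == 3:
        inner = payload[8:]  # quoted copy of the original datagram
        if checksum(payload) == 0 and struct.unpack("!HH", inner[20:24]) == (c_sport, c_dport):
            return "icmp-port-unreachable"
    if proto == PROTO_TCP:
        sport, dport, _, ack = struct.unpack("!HHII", payload[:12])
        if (sport, dport) == (c_dport, c_sport) and payload[13] & TCP_RST \
                and ack == (c_isn + 1) & 0xFFFFFFFF:
            return "tcp-rst"
    return "unrelated"


def syn_retransmits(reply_kind: str, honors_icmp: bool, retries=5, first_rto=3.0):
    """Return (SYNs sent, seconds waited) before the connect attempt gives up.
    A RST aborts at once; an ICMP error aborts only if the stack acts on it,
    otherwise SYNs are resent with a doubling RTO until the retry budget
    (a constructed sample schedule, not any real stack's) is exhausted."""
    if reply_kind == "tcp-rst" or (reply_kind == "icmp-port-unreachable" and honors_icmp):
        return 1, 0.0
    waited, rto = 0.0, first_rto
    for _ in range(retries):
        waited += rto
        rto *= 2
    return 1 + retries, waited


if __name__ == "__main__":
    syn = build_syn("10.0.0.2", "10.0.0.1", 40000, 23, 1000)  # constructed
    for reply in (reject_with_icmp(syn), reject_with_rst(syn)):
        kind = classify_reply(syn, reply)
        print(kind, "ignoring-icmp stack:", syn_retransmits(kind, False))
```

With the sample schedule, the RST reply ends the attempt after one SYN, while the ICMP reply on a stack that ignores it costs six SYNs and about a minute and a half of waiting; that gap is the user-visible difference between the two reject styles.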