On Fri 20/02/2004 at 03:52, Egor Tur wrote:
> Hi folk.
> How can I correctly create rules with REJECT and tcp-reset?
> If I do
> iptables -A INPUT -i eth0 -p tcp --sport 1024: -d MY.IP --dport 113 -j REJECT --reject-with tcp-reset
> iptables -A OUTPUT -o eth0 -p tcp ! --syn --dport 1024: -s MY.IP --sport 113 -j ACCEPT
> I wait a long time when I try to connect to ftp & mail services.
> If I try REJECT --reject-with icmp-port-unreachable
> this works quickly, but more slowly than if I permit authentication.
>
> What can I do in order to use tcp-reset?
> Maybe using state rules?

You could... But it's not needed. I'm using this:

iptables -I INPUT -s <somewhere> -p tcp --dport 80 --syn -j REJECT --reject-with tcp-reset

I don't know if the outgoing packet goes through any chains or what. I'd say it doesn't.

Regards,
Sebastien

