Wolf Geldmacher wrote:
block out log quick on tun7 proto tcp from any to any port = 23 flags S/SAFR
bash-2.05b# telnet 10.10.10.10
Trying 10.10.10.10...
telnet: connect to address 10.10.10.10: No route to host
bash-2.05b#
Larry.
I inserted the line you suggested (replacing the interface by my hme0 ;-) but it
does not change the timeout behaviour for me at all, i.e. I still have to wait
3 minutes+.
Maybe I should add that the machine I try to prevent access to in fact does exist
and routing is set up to it? If I try to connect to a non-existing IP I get the
same behaviour you get (and fast), but this is independent of the ipf
configuration.
If you are attempting to make the telnet connection coming in on one
interface and going out on hme0, do you have a rule to permit the Telnet
session on the other interface and if so does it keep state?
Larry.