On Thu, 9 Jun 2005 01:07:18 +0200 Matthias Berndt <[EMAIL PROTECTED]> wrote:
> I use something like this:
>
> iptables -P INPUT DROP
> iptables -P FORWARD DROP
>
> ... snip ...
>
> iptables -A INPUT -p TCP -j REJECT --reject-with tcp-reset
>
> and the unmatched packets are rejected.
>
> When I add "iptables -P OUTPUT DROP", the RST packets are dropped
> because of the OUTPUT policy. How can I use the DROP policy and the
> RST packets? How can I make a hole or something like this in the
> OUTPUT chain to get these packets undropped?

Got it. For those who are interested in the solution.

## accept all packets with ACK and RST flag set
iptables -A OUTPUT -p TCP --tcp-flags ACK,RST ACK,RST -j ACCEPT
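
Added example, not part of the original message: a small Python model of how "--tcp-flags <mask> <comp>" decides a match, applied to the resets a tcp-reset REJECT sends out. It assumes resets are built as RFC 793 describes (a bare RST when the rejected segment carried ACK, RST+ACK otherwise); the function names and the sample segments are constructed for illustration.

```python
# Model of the iptables match "--tcp-flags <mask> <comp>": of the flags
# named in <mask>, exactly those named in <comp> must be set on the packet.
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def bits(names):
    """Turn a comma-separated flag list (as typed on the command line) into a bitmask."""
    value = 0
    for name in names.split(","):
        value |= FLAG_BITS[name.strip().upper()]
    return value


def tcp_flags_match(mask, comp, packet_flags):
    """True when (packet flags AND mask) equals comp."""
    return (bits(packet_flags) & bits(mask)) == bits(comp)


def reset_flags_for(incoming_flags):
    """Flags on the reset sent in reply to a rejected segment.

    Assumption (RFC 793 reset generation): if the incoming segment has ACK,
    the reset is a bare RST; otherwise it is RST+ACK.
    """
    if bits(incoming_flags) & FLAG_BITS["ACK"]:
        return "RST"
    return "RST,ACK"


# Constructed sample: flag combinations of segments hitting the REJECT rule.
INCOMING = ["SYN", "ACK", "SYN,ACK", "FIN,ACK", "FIN"]


def evaluate(mask, comp):
    """Map each rejected segment to whether its reset passes the OUTPUT rule."""
    return {inc: tcp_flags_match(mask, comp, reset_flags_for(inc))
            for inc in INCOMING}


if __name__ == "__main__":
    rules = {"--tcp-flags ACK,RST ACK,RST": ("ACK,RST", "ACK,RST"),
             "--tcp-flags RST RST": ("RST", "RST")}
    for label, (mask, comp) in rules.items():
        print(label)
        for inc, passed in evaluate(mask, comp).items():
            verdict = "ACCEPT" if passed else "falls through to policy"
            print(f"  reset for incoming {inc:8s} -> {verdict}")
```

In this model the ACK,RST rule passes the resets for segments that arrived without ACK (such as a plain SYN), while a mask and comp of RST alone also passes the bare RST sent in reply to segments that carried ACK.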
