On Tue, Aug 06, 2002 at 02:44:22PM -0300, Ethy H. Brito wrote: > Is there any magic to perform that makes return-rst or return-icmp send > back the reset to the originator on a pure bridge configuration?
Both return-rst and return-icmp rely on the stack delivering the packet, so you need the proper routing table entries. If you assign addresses to the bridge interfaces, return-* works, and you can still block all incoming packets to the firewall itself. Daniel
