On Tue, 6 Aug 2002 23:06:51 +0200
"Daniel Hartmeier" <[EMAIL PROTECTED]> wrote:

> On Tue, Aug 06, 2002 at 02:44:22PM -0300, Ethy H. Brito wrote:
> 
> > Is there any magic to perform that makes return-rst or return-icmp
> > send back the reset to the originator on a pure bridge
> > configuration?
> 
> Both return-rst and return-icmp rely on the stack delivering the
> packet, so you need the proper routing table entries. If you assign
> addresses to the bridge interfaces, return-* works, and you can still
> block all incoming packets to the firewall itself.

And what would be the address it (the bridge) is going to put in the
packet? The newly assigned bridge interface address or the connection
originator address? I ask this because ipf has an option
(return-icmp-as-dest) that did the trick very well.

Ethy
