* [EMAIL PROTECTED] <[EMAIL PROTECTED]> [2008-11-18 20:02]: > Admin-generated icmp codes: With IPFW we could return icmp code 1 then > user tried to connect to closed ports (especially with SMTP port for > spammers) . With PF we could block only by silent drop, or ICMP > unreachable. It's not enough.
wrong. block return sends an RST for the connection in question for tcp. which is exactly the stack behaviour for closed ports. -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
