On 9/5/2012 12:48 PM, Mircea Vutcovici wrote:
>
>
> There is no need to guess anything. If the port is closed but the
> firewall is open, the TCP/IP stack will respond with ICMP port
> unreachable. Usually firewalls do a DROP and the scanner will time out.
>
>
REJECT breaks your explanation
--reject-with type
The type given can be icmp-net-unreachable, icmp-host-unreachable,
icmp-port-unreachable, icmp-proto-unreachable, icmp-net-prohibited,
icmp-host-prohibited or icmp-admin-prohibited (*) which return the
appropriate ICMP error message (port-unreachable is the default). The
option tcp-reset can be used on rules which only match the TCP
protocol: this causes a TCP RST packet to be sent back. This is mainly
useful for blocking ident (113/tcp) probes which frequently occur when
sending mail to broken mail hosts (which won't accept your mail
otherwise).
_______________________________________________
RLUG mailing list
[email protected]
http://lists.lug.ro/mailman/listinfo/rlug
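
The point under discussion in this thread, as an added example that is not part of the original messages: a REJECT rule can produce the same reply a host stack sends for a closed port, so a single reply does not always identify its cause. The function names, the reply encoding ("rst", "synack", raw ICMP bytes) and the sample packets are constructed for illustration, and only the host stack and iptables DROP/REJECT are considered.

```python
import struct

# ICMP type 3 (destination unreachable) code -> iptables --reject-with type.
REJECT_ICMP_CODES = {
    0: "icmp-net-unreachable", 1: "icmp-host-unreachable",
    2: "icmp-proto-unreachable", 3: "icmp-port-unreachable",
    9: "icmp-net-prohibited", 10: "icmp-host-prohibited",
    13: "icmp-admin-prohibited",
}

def sample_unreachable(code: int) -> bytes:
    """Constructed 8-byte ICMP header (type 3); checksum left at 0, not validated."""
    return struct.pack("!BBHI", 3, code, 0, 0)

def parse_icmp_unreachable(packet: bytes):
    """Return the code of an ICMP destination-unreachable message, else None."""
    if len(packet) < 8:
        return None
    icmp_type, code = struct.unpack("!BB", packet[:2])
    return code if icmp_type == 3 else None

def possible_causes(proto: str, reply) -> list:
    """List the explanations consistent with one probe reply.

    proto is "tcp" or "udp"; reply is None (timeout), "rst", "synack",
    or the raw bytes of an ICMP message. Only the host stack and
    iptables DROP/REJECT are considered (assumption of this example).
    """
    if reply is None:
        silent = ["open port that sent no reply"] if proto == "udp" else []
        return ["DROP rule or packet loss"] + silent
    if reply == "synack":
        return ["open port"]
    if reply == "rst":
        # A closed TCP port and a tcp-reset REJECT both answer with a RST.
        return ["closed port (host TCP stack)", "REJECT --reject-with tcp-reset"]
    code = parse_icmp_unreachable(reply)
    causes = []
    if proto == "udp" and code == 3:
        # A closed UDP port makes the host stack itself send port-unreachable.
        causes.append("closed port (host UDP stack)")
    if code in REJECT_ICMP_CODES:
        causes.append("REJECT --reject-with " + REJECT_ICMP_CODES[code])
    return causes or ["unrecognised reply"]

if __name__ == "__main__":
    for proto, reply in [("tcp", "rst"), ("tcp", None),
                         ("udp", sample_unreachable(3)), ("tcp", sample_unreachable(13))]:
        print(proto, reply, "->", possible_causes(proto, reply))
```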