On 09/26/2012 02:08 PM, Bin Wang wrote: > Hi All, > > I am trying to use shorewall6 to DROP/REJECT TCP/IPv6 traffic. I am > running shorewall6 4.4.26.1 with one interface configuration on Ubuntu > 12.04. What I found was that DROP works correctly, but REJECT does > not. > > I have the following in /etc/shorewall6/policy > > #SOURCE DEST POLICY LOG LEVEL LIMIT:BURST > $FW net REJECT > net $FW DROP info > net all DROP info > > # The FOLLOWING POLICY MUST BE LAST > all all REJECT info > > Then when I try to TCP connect to a host, I don't get the connection > refused immediately as shorewall does for TCP/IPv4. But the connection > is trying until it is timed out later. > > Does anybody have any idea why I am getting this and how I make REJECT > work as expected for TCP/IPv6. > > Your help is highly appreciated.
Please forward as a compressed attachment the output of 'shorewall6 dump' and explain the connection you were attempting to make which you felt should have been rejected (use IP addresses rather than DNS names). Thanks, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ How fast is your code? 3 out of 4 devs don\\\'t know how their code performs in production. Find out how slow your code is with AppDynamics Lite. http://ad.doubleclick.net/clk;262219672;13503038;z? http://info.appdynamics.com/FreeJavaPerformanceDownload.html _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
