Hi Chris,

> > I've noticed some problems with TCP resets not being generated properly in
> > recent kernels (since 2.4.19 I think). Could you try REJECT without
> > tcp-reset, and see if the ICMP error is sent out of the correct interface?
>
> It's the same issue. We don't see the TCP resets because they are being
> sent out of the wrong interface. I'm investigating. In the mean time you
> can try REJECT without tcp-reset, that works for us.
>

Yes, REJECT without tcp-reset works as expected.

thanks,
juergen