On Tue, 16 Mar 2004, Fabiano Reis wrote:

> To start the test I added a rule to block the connections that came
> from the two clients I have.
>
> iptables -A INPUT -p tcp --source 192.168.0.2 --dport 23 -j REJECT
> iptables -A INPUT -p tcp --source 192.168.0.3 --dport 23 -j REJECT

For best operation you should reject TCP packets with a "TCP RESET". See
the documentation for the REJECT target.

By default REJECT rejects the packet by returning an "ICMP Administratively
Prohibited" message, and different TCP implementations behave differently
on receiving this message.

The semantic difference between using TCP Reset or ICMP administratively
prohibited is that TCP Reset tells the client that the TCP port is closed
while the ICMP message tells the client that he is not allowed to talk to
this port.

Regards
Henrik
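
Added example, not part of the original message: a small client-side check, run from one of the blocked clients, that shows which kind of rejection a rule actually produces. The errno mapping for ICMP errors is an assumption based on Linux client behaviour, and the host and port are supplied on the command line.

```python
import errno
import socket
import sys

# Rule form the reply recommends, built from the rule quoted above:
#   iptables -A INPUT -p tcp --source 192.168.0.2 --dport 23 \
#            -j REJECT --reject-with tcp-reset


def classify(err):
    """Name what a failed connect() errno says about the rejection."""
    if err == errno.ECONNREFUSED:
        return "refused"            # a TCP RST produces this: port reported closed
    if err in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "icmp-unreachable"   # assumption: Linux client; an ICMP error came back
    if err == errno.ETIMEDOUT:
        return "no-answer"
    return "other:" + errno.errorcode.get(err, str(err))


def probe(host, port, timeout=3.0):
    """Attempt one TCP connection and report how it ended."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except socket.timeout:
            return "no-answer"      # nothing came back before the timeout
        except OSError as e:
            return classify(e.errno)
        return "open"


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: probe.py HOST PORT")
    host, port = sys.argv[1], int(sys.argv[2])
    print(f"{host}:{port} -> {probe(host, port)}")
```

With a TCP reset rule in place the client should print "refused"; a result that varies between client operating systems is the implementation difference the reply describes.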