Mark E. Donaldson writes: > My views are this: If you are going to reset a TCP connection, it is best to > do so at the earliest possible moment of a TCP session, preferably after the > initial syn of the three-way handshake. When I use "-j REJECT --reject-with > tcp-reset" it is always in response to a NEW (thus syn) packet. There are times when the earliest possible moment is long after the initial syn. For example: you ssh from A to B and then someone reboots B while you're idle. When B is back up, if it simply DROPs packets that aren't established and aren't syns, your ssh session will appear hung. A reset makes it clear the session is terminated. -- Dick St.Peters, stpeters@xxxxxxxxxxxxx Gatekeeper, NetHeaven, Saratoga Springs, NY
