Re: Reject with tcp-reset on a bridge

My scenario is slightly different.
tcpdump doesn't show ANY response, with the right or wrong MAC.

Ubuntu 7.10, kernel 2.6.22-14

2008/4/23, Jan Engelhardt <jengelh@xxxxxxxxxxxxxxx>:
> On Wednesday 2008-04-23 20:31, Gilad Benjamini wrote:
>
>  >I am using iptables to firewall connections on a bridge.
>  >
>  >The rule below (minimized for the sake of the example) works
>  >       iptables -A FORWARD -p tcp -j REJECT
>  >
>  >A TCP-reset variation doesn't work
>  >       iptables -A FORWARD -p tcp -j REJECT --reject-with tcp-reset
>  >
>  >The TCP packets don't go through, but I don't see a RST, or any other
>  >packet, coming back.
>  >My options are:
>  >   a. Something is wrong in my configuration
>  >   b. This isn't supposed to work
>  >   c. This doesn't work because of a bug
>  >   d. None of the above
>  >
>  >Which is it?
>
>
> Since missing features may be perceived as bugs but which of course
>  are not, it would be 0.5*c+0.5*d.
>
>  http://marc.info/?l=netfilter-devel&m=120716501006420&w=2
>