On Tuesday 2011-01-11 22:10, Grant Taylor wrote:
> On 01/11/11 11:39, Pascal Hambourg wrote:
>> However this sends only one RST to one side of the connection,
>> leaving the connection half-open - until the other side sends a
>> packet and gets a RST too. IMO it would be more elegant to send RSTs
>> to both sides of the connection.
>
> Wouldn't it be possible to send packet to user space and have something else
> send the reset packets to both ends? I.e. use IPTables to match the packets
> and have a user space daemon act on what IPTables matched.

Well, you could augment ipt_REJECT to send two packets. It does not
have to just send one.
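A sketch of the header fields the two resets discussed in this thread would carry, added here as an example; it is not code from ipt_REJECT or from anyone in the thread. `struct seg`, `rst_to_sender` and `rst_to_receiver` are hypothetical names, the sender-side fields follow the RFC 793 reset-generation rule, and the receiver-side choice of sequence number is an assumption that the rejected segment was in sequence for that end.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical host-byte-order view of a TCP segment (not a kernel struct). */
struct seg {
    uint32_t saddr, daddr, seq, ack_seq, payload_len;
    uint16_t sport, dport;
    bool syn, fin, ack, rst;
};

/* RST back to the sender of the rejected segment (RFC 793 reset generation). */
bool rst_to_sender(const struct seg *in, struct seg *out)
{
    if (in->rst)
        return false;                 /* never answer a RST with a RST */
    *out = (struct seg){ .saddr = in->daddr, .daddr = in->saddr,
                         .sport = in->dport, .dport = in->sport, .rst = true };
    if (in->ack) {
        out->seq = in->ack_seq;       /* sequence number the sender expects next */
    } else {
        out->ack = true;              /* e.g. a bare SYN: seq 0, ACK covers it */
        out->ack_seq = in->seq + in->syn + in->fin + in->payload_len;
    }
    return true;
}

/* Second RST, forwarded on toward the original destination in place of the
 * rejected segment. Assumption: the segment's own seq is what that end expects. */
bool rst_to_receiver(const struct seg *in, struct seg *out)
{
    if (in->rst || (in->syn && !in->ack))
        return false;                 /* bare SYN: far end holds no state yet */
    *out = (struct seg){ .saddr = in->saddr, .daddr = in->daddr,
                         .sport = in->sport, .dport = in->dport, .rst = true,
                         .seq = in->seq, .ack = in->ack, .ack_seq = in->ack_seq };
    return true;
}

int main(void)
{
    /* Constructed sample: mid-connection data segment, 100 bytes of payload. */
    struct seg in = { .saddr = 0x0a000001, .daddr = 0x0a000002, .sport = 40000,
                      .dport = 80, .seq = 1000, .ack_seq = 5000,
                      .payload_len = 100, .ack = true }, a, b;
    if (rst_to_sender(&in, &a) && rst_to_receiver(&in, &b))
        printf("to sender seq=%u, to receiver seq=%u\n",
               (unsigned)a.seq, (unsigned)b.seq);
    return 0;
}
```

With both resets emitted, neither endpoint is left holding a half-open connection until its next transmission.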