Hello,

I would like to force a 'connection refused' when connecting to a specific host/port and to do so I'm using the following rule:

    iptables -A OUTPUT -d 10.99.12.15 -p tcp --dport 27017 -j REJECT --reject-with icmp-port-unreachable

This works fine except that it takes around 1 second for the reply to come (I've straced it and it's really the call to connect() that hangs).

I've tried the following rules on multiple kernels from the 2.x, 3.x and 4.x branches and the behavior is always the same. There wasn't any other rule in any chain when these tests were done.

Would anybody know what could cause this delay and how to address that?

Thanks!

Renaud