> > On 14/5/23 08:14, Tom Reed wrote:
>> /usr/sbin/iptables -A INPUT -p tcp --dport 143 -j REJECT --reject-with
>> tcp-reset
>> /usr/sbin/iptables -A INPUT -p tcp --dport 587 -j REJECT --reject-with
>> tcp-reset
>>
>> When I telnet from another host to the protected port, it gets timeout
>> message as follows.
>>
>> telnet: Unable to connect to remote host: Connection timed out
>>
>>
>> IIRC, timeout should happen for iptables DROP action. Since I am using
>> REJECT, why the connect shouldn't get disconnected quickly?
>
> There may be an earlier rule in your config that stops the REJECT rule
> being hit.
>
> check rule order with
>
> |iptables -L -n -v The other possibility is you aren't running telnet.
> netstat -tulnpW | grep 23 |
> --

Hello

I telnet to host:587, not port 23.
And port 587 already rejects access with tcp rst.

REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:993 reject-with tcp-reset
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:143 reject-with tcp-reset
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:587 reject-with tcp-reset

So what's the reason?

Thank you.
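
The rule-order check suggested in the quoted reply, as an added example that is not part of the thread: it walks `iptables -S INPUT` output in order and lists every rule a TCP connection to a given port can hit before a terminating one. The sample ruleset is constructed, the function names are hypothetical, and the matcher is simplified (INPUT chain only, user-defined chains are not followed, any option it does not evaluate marks the rule "conditional").

```python
import shlex

# Constructed `iptables -S INPUT` output (not from the thread): a multiport
# DROP sits above the REJECT rules for ports 143 and 587.
SAMPLE = """\
-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m multiport --dports 25,587 -j DROP
-A INPUT -p tcp -m tcp --dport 143 -j REJECT --reject-with tcp-reset
-A INPUT -p tcp -m tcp --dport 587 -j REJECT --reject-with tcp-reset
"""

TERMINAL = {"ACCEPT", "DROP", "REJECT"}
# Options evaluated here; anything else (-s, -i, --ctstate, "!", ...) makes
# the rule "conditional" on packet properties this sketch does not model.
KNOWN = {"-p", "-m", "--dport", "--dports", "-j", "--reject-with"}

def port_in(spec, port):
    """True if port falls in a spec such as '587', '25,587' or '1000:2000'."""
    for part in spec.split(","):
        lo, sep, hi = part.partition(":")
        lo_n = int(lo or 0)
        hi_n = int(hi) if hi else (65535 if sep else lo_n)
        if lo_n <= port <= hi_n:
            return True
    return False

def trace_tcp_port(rules_text, port):
    """List (certainty, target, rule) for each rule a TCP packet to `port`
    may hit, in order, stopping at the first certain terminating match."""
    hits = []
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", "INPUT"]:
            continue
        opts = {}
        for i, t in enumerate(tok[2:], start=2):
            if t.startswith("-") or t == "!":
                nxt = tok[i + 1] if i + 1 < len(tok) else ""
                opts[t] = "" if nxt.startswith("-") else nxt
        spec = opts.get("--dport") or opts.get("--dports")
        if "!" not in opts and (opts.get("-p", "tcp") != "tcp"
                                or (spec and not port_in(spec, port))):
            continue  # rule cannot match this protocol/port
        certainty = "always" if set(opts) <= KNOWN else "conditional"
        target = opts.get("-j", "")
        hits.append((certainty, target, line))
        if certainty == "always" and target in TERMINAL:
            break
    return hits
```

On the constructed sample, `trace_tcp_port(SAMPLE, 587)` ends at the multiport DROP, so the later REJECT for 587 is never reached; on a live host, pass the text printed by `iptables -S INPUT` instead of `SAMPLE`.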