I posted my problem about the Solaris10 installation of IPFilter
> ipf -V
ipf: IP Filter: v4.1.9 (592)
and its inconsistent behaviour with respect to generating RST/ACK packets
via the return-rst rule. I'm not getting any closer to the solution.
I've read Phil's FAQ on adding an egress rule to allow RST packet out,
but that doesn't seem to help.
To restate the problem, if I have a rule like
block return-rst in log level local1.info quick proto tcp from any to any port = 25
it eventually fails to emit an RST/ACK packet (verified with snoop) for some
hosts (but will work for others).
What's more bizarre is that if I
- add a rule to explicitly allow connections from hosts that didn't
receive RST/ACK before
- initiate a TCP session on port 25 from the remote host
- take away the pass rule and reinstate the block rule
return-rst starts working again, but will fail eventually. Can anyone explain
this bizarre behaviour?
Joseph Tam <[EMAIL PROTECTED]>
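For readers following the thread, here is an added example ruleset (not from the original post, and not an official IPFilter example) showing how the block rule above is commonly paired with the egress rule that Phil's FAQ describes, so that the RST/ACK generated by return-rst is not itself dropped on the way out. The interface name e1000g0 and the exact flags mask are assumptions:

```conf
# Added example ipf.conf (not from the original post). Interface name assumed.

# Let the RST/ACK that return-rst generates leave the box. Without an
# explicit pass-out, a later "block out" rule can silently drop it and
# the remote host never sees the reset. The flags mask is an assumption.
pass out quick on e1000g0 proto tcp from any port = 25 to any flags R/R

# The rule from the post: reject inbound SMTP with an RST/ACK and log it.
block return-rst in log level local1.info quick on e1000g0 proto tcp from any to any port = 25

# Outbound connections are stateful so their replies come back in.
pass out quick on e1000g0 proto tcp from any to any flags S keep state
```

Rule order matters because of quick: the pass-out for RSTs must come before any outbound block. As in the post, snoop on the interface while a remote host connects to port 25 is the way to confirm the reset actually goes on the wire.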