Larry Moore wrote:
Wolf Geldmacher wrote:
block out log quick on tun7 proto tcp from any to any port = 23 flags S/SAFR
bash-2.05b# telnet 10.10.10.10
Trying 10.10.10.10...
telnet: connect to address 10.10.10.10: No route to host
bash-2.05b#
Larry.
I inserted the line you suggested (replacing the interface by my hme0
;-) but it does not change the timeout behaviour for me at all, i.e. I
still have to wait 3 minutes+.
Maybe I should add that the machine I try to prevent access to in fact
does exist and routing is set up to it? If I try to connect to a
non-existing IP I get the same behaviour you get (and fast), but this is
independent of the ipf configuration.
If you are attempting to make the telnet connection coming in on one
interface and going out on hme0, do you have a rule to permit the
Telnet session on the other interface and if so does it keep state?
Larry.
That's not what I'm trying to do. I'm trying to block outgoing telnet
connections from my machine with a fast timeout, regardless of the
interface (of which I only have one (besides loopback, which I'm not
concerned about)).