Hello! > If I set a rule to reject your connection's packets, this is NOT a > transient thing. Retrying the packet will simply elicit another rejection > from the firewall... How did the packet reach this firewall? Firewall (if it is not embedded to destination host) cannot differ packets lost in the internet of "administaratively obeyed" to it. It is pretty common case in networks of topology different of trivial. > So the present behaviour of ignoring ICMP policy reject+port unreachable > during TCP Syn setup is correct? ??? Sorry, it is not true. Alexey - To unsubscribe from this list: send the line "unsubscribe linux-net" in the body of a message to [EMAIL PROTECTED]
- ICMP dest-unreach in SYN_* states of TCP Taral
- Re: ICMP dest-unreach in SYN_* states of TCP kuznet
- Re: ICMP dest-unreach in SYN_* states of TCP Jamie Lokier
- Re: ICMP dest-unreach in SYN_* states of TCP kuznet
- Re: ICMP dest-unreach in SYN_* states of TCP Jamie Lokier
- Re: ICMP dest-unreach in SYN_* states o... kuznet
- Re: ICMP dest-unreach in SYN_* stat... Taral
- Re: ICMP dest-unreach in SYN_* ... kuznet
- Re: ICMP dest-unreach in SYN_* ... Jamie Lokier
- Re: ICMP dest-unreach in SYN_* ... kuznet
- Re: ICMP dest-unreach in SYN_* ... Jamie Lokier
- Re: ICMP dest-unreach in SYN_* ... kuznet
- Re: ICMP dest-unreach in SYN_* ... Jamie Lokier
- Re: ICMP dest-unreach in SYN_* ... Taral
- Re: ICMP dest-unreach in SYN_* ... Jamie Lokier
- Re: ICMP dest-unreach in SYN_* ... kuznet
- Re: ICMP dest-unreach in SYN_* ... Jamie Lokier
- Re: ICMP dest-unreach in SYN_* ... kuznet
