Re: ICMP dest-unreach in SYN_* states of TCP

[Taral]

On Wed, 14 Jul 1999, Jamie Lokier wrote:

> Excellent, so a "tcprst" rule instead of "reject" in the host's packet
> firewall is ok then?

I don't understand why this is necessary. Firewalls are designed to
isolate a network from another network. There is only ONE way to a host
behind a firewall, and that is through that firewall. So "reject" should
send a RST (or ICMP port unreachable, same difference) on TCP packets.

Taral

-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]