Sun, 2002-04-14 at 16:35, Antony Stone wrote:
> Is there any way to allow such IDENT packets, which arrive immediately after
> an outgoing connection, to be classified as RELATED, and to be NATed on to
> the internal client (as, for example, some ICMP packets do, I believe)?

I let my Netfilter send a TCP reset directly from the firewall:

## AUTH server
# Reject ident probes with a tcp reset.
# I need to do this for a broken mailhost that won't accept my mail if I
# just drop its ident probe.
iptables -A INPUT -i $IFACE0 -p tcp --dport 113 -j REJECT \
    --reject-with tcp-reset

No credit to me, someone else wrote this!

Best,
Tonni Sogning
-- 
Tony Earnshaw

e-mail:         [EMAIL PROTECTED]
www:            http://www.billy.demon.nl
gpg public key: http://www.billy.demon.nl/tonni.armor

Telephone:      (+31) (0)172 530428
Mobile:         (+31) (0)6 51153356

GPG Fingerprint = 3924 6BF8 A755 DE1A 4AD6 FA2B F7D7 6051 3BE7 B981
3BE7B981
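Added example, not part of the original message: a small Python check that shows how a connection attempt to the ident port is answered, so the effect of the REJECT rule above (an immediate refusal) can be told apart from a DROP rule (silence until the caller times out). The function names, the timeout value and the loopback demo are assumptions made for this example.

```python
import socket
import time

# Hypothetical helper names; nothing here comes from the original mail.
MEANING = {
    "refused": "actively refused at once, as with REJECT --reject-with tcp-reset",
    "silent": "no answer before the timeout, as with a DROP rule; "
              "the remote ident lookup stalls for the full timeout",
    "open": "a service accepted the connection on this port",
    "error": "another network error (for example host unreachable)",
}

def classify_port(host, port=113, timeout=3.0):
    """Make one TCP connect attempt and return (verdict, elapsed_seconds)."""
    start = time.monotonic()
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        verdict = "open"
    except ConnectionRefusedError:
        verdict = "refused"      # how a TCP RST appears to the caller
    except socket.timeout:
        verdict = "silent"       # the SYN went unanswered
    except OSError:
        verdict = "error"
    finally:
        sock.close()
    return verdict, time.monotonic() - start

def loopback_demo():
    """Constructed offline demo: a listener on 127.0.0.1, then the same
    port after the listener is closed (the kernel answers with a RST)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))   # port 0: let the kernel pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    while_listening = classify_port("127.0.0.1", port, timeout=2.0)[0]
    srv.close()
    after_close = classify_port("127.0.0.1", port, timeout=2.0)[0]
    return while_listening, after_close

if __name__ == "__main__":
    for verdict in loopback_demo():
        print(verdict, "-", MEANING[verdict])
```

Pointed at the firewall's external address from a test host, a "refused" verdict that returns well inside the timeout is what the tcp-reset rule should produce.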
