mattjackets wrote:
> I hope this is a quick question for the experts...I'm at a loss as to
> how to do this:
> Drop packets with dest port 4321 with the rst flag set.
>
> Here's what the rule I have in mind would look like (iptables -L)
> target prot opt source destination
> DROP tcp -- anywhere anywhere tcp dpt:4321 flags:RST/RST
>
> How can this be done in the shorewall rules file? or do I need to
> create a special macro or something?
>
> The box running shorewall is doing NAT for my lan...so in the end I
> would like this rule to apply to packets heading to clients on the lan.
> (something like: DROP net loc tcp 4321 with the tcp flags information
> added somewhere...)
>
> I know this will leave hanging tcp sockets, but it's needed in my case
> :(

Wrong URL in my last post -- s/b:

http://www.shorewall.net/3.0/Actions.html#NFQUEUE

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
