I have a joyent zone (base64 62f148f8-6e84-11e4-82c5-efca60348b9f) with allow_ip_spoofing enabled, and IPv4 forwarding enabled on the nic that is routable to the gateway.
I am trying to block incoming traffic (ssh in this example) and also return a reset packet. However, I'm not seeing the RST packets being sent. Is there something I'm missing?

$ ssh [email protected]
ssh: connect to host pool.net port 22: Connection timed out

[root@dmz ~]# snoop port 22
Using device net0 (promiscuous mode)
pool.net -> 10.0.1.254 TCP D=22 S=1025 Syn Seq=1196993286 Len=0 Win=64512 Options=<mss 1460,nop,wscale 0,nop,nop,sackOK>
pool.net -> 10.0.1.254 TCP D=22 S=1025 Syn Seq=1196993286 Len=0 Win=64512 Options=<mss 1460,nop,wscale 0,nop,nop,sackOK>
pool.net -> 10.0.1.254 TCP D=22 S=1025 Syn Seq=1196993286 Len=0 Win=64512 Options=<mss 1460,nop,nop,sackOK>

ipf.conf:

block return-rst in proto tcp from any to any

{
  "brand": "joyent",
  "alias": "dmz",
  "hostname": "dmz",
  "autoboot": true,
  "max_physical_memory": 512,
  "cpu_cap": 600,
  "quota": "5",
  "image_uuid": "62f148f8-6e84-11e4-82c5-efca60348b9f",
  "nics": [
    {
      "nic_tag": "dmz",
      "ip": "10.0.1.254",
      "gateway": "10.0.1.1",
      "netmask": "255.255.255.0",
      "primary": true
    },
    {
      "nic_tag": "elastic0",
      "ip": "12.0.0.1",
      "gateway": "12.0.0.1",
      "netmask": "255.255.255.0",
      "primary": false
    },
    {
      "nic_tag": "vpn0",
      "ip": "12.0.1.1",
      "gateway": "12.0.1.1",
      "netmask": "255.255.255.248",
      "primary": false
    },
    {
      "nic_tag": "vpnlan0",
      "ip": "12.0.1.4",
      "gateway": "12.0.1.4",
      "netmask": "255.255.255.248",
      "primary": false
    },
    {
      "nic_tag": "ssh0",
      "ip": "12.0.2.1",
      "gateway": "12.0.2.1",
      "netmask": "255.255.255.248",
      "primary": false
    }
  ],
  "resolvers": [
    "8.8.8.8",
    "8.8.4.4"
  ]
}

-------------------------------------------
smartos-discuss
Archives: https://www.listbox.com/member/archive/184463/=now
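
Added example, not part of the original post: a Python helper that classifies each flow in snoop summary output like the capture above, to confirm whether a SYN was answered with an RST, a SYN-ACK, or nothing. The name `classify` and the second sample capture are constructed here, and the layout of snoop's RST summary line is assumed to match that of the SYN lines in the post.

```python
import re
from collections import defaultdict

# snoop summary line, e.g.
#   pool.net -> 10.0.1.254 TCP D=22 S=1025 Syn Seq=1196993286 Len=0 Win=64512
LINE = re.compile(
    r"^\s*(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+TCP\s+D=(?P<dport>\d+)\s+S=(?P<sport>\d+)"
    r"\s+(?P<flags>(?:(?:Syn|Fin|Rst|Push|Urg)\s+)*)(?P<rest>.*)$"
)

def classify(snoop_text):
    """Map each flow that sent a bare SYN to 'rst', 'synack', 'dropped' or 'unanswered'."""
    syn_seqs = defaultdict(list)  # client flow -> Seq of every bare SYN seen
    replies = defaultdict(set)    # client flow -> flags seen in the reverse direction
    for line in snoop_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # shell prompt, "Using device ..." banner, non-TCP lines
        flags = set(m["flags"].split())
        src, dst = (m["src"], int(m["sport"])), (m["dst"], int(m["dport"]))
        if "Syn" in flags and "Ack=" not in m["rest"]:
            seq = re.search(r"\bSeq=(\d+)", m["rest"])
            syn_seqs[src + dst].append(seq.group(1) if seq else None)
        else:
            replies[dst + src] |= flags  # key by the client's view of the flow
    verdicts = {}
    for flow, seqs in syn_seqs.items():
        if "Rst" in replies[flow]:
            verdicts[flow] = "rst"         # an RST came back for this flow
        elif "Syn" in replies[flow]:
            verdicts[flow] = "synack"      # the port answered, nothing blocked it
        elif len(seqs) > 1 and len(set(seqs)) == 1:
            verdicts[flow] = "dropped"     # same SYN retransmitted, nothing came back
        else:
            verdicts[flow] = "unanswered"  # single SYN; capture may be too short
    return verdicts

# The three SYN lines from the post.
FROM_POST = """\
pool.net -> 10.0.1.254 TCP D=22 S=1025 Syn Seq=1196993286 Len=0 Win=64512 Options=<mss 1460,nop,wscale 0,nop,nop,sackOK>
pool.net -> 10.0.1.254 TCP D=22 S=1025 Syn Seq=1196993286 Len=0 Win=64512 Options=<mss 1460,nop,wscale 0,nop,nop,sackOK>
pool.net -> 10.0.1.254 TCP D=22 S=1025 Syn Seq=1196993286 Len=0 Win=64512 Options=<mss 1460,nop,nop,sackOK>
"""
# Constructed capture (not from the post): the reply a working return-rst rule should show.
CONSTRUCTED_RST = """\
pool.net -> 10.0.1.254 TCP D=22 S=1025 Syn Seq=1196993286 Len=0 Win=64512
10.0.1.254 -> pool.net TCP D=1025 S=22 Rst Ack=1196993287 Win=0
"""
```

On the capture from the post this reports the flow as `dropped`: the identical SYN is retransmitted and no reply appears on net0, which matches the client-side timeout.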
