From: José Irigon
Subject: Bridge + iptables + REJECT
Date: Fri, 27 Aug 2004 20:38:01 -0300
Message-ID: <2cbad29704082716383a7d33d4@mail.gmail.com>
To: netfilter@lists.netfilter.org

Hi,

I read all the messages sent to the list about topics like this, but none of them solved my doubt.

I want to do a stealth firewall, a firewall in a bridge which a malicious client can't find. This is the idea: when a packet arrives at the bridge (from the outside), if the iptables/ebtables rules permit it, it continues, ok. If not, the bridge should reply with packets with the client's IP, rejecting those packets.

The problem is I tried using "-j REJECT --reject-with tcp-reset", for example, but the bridge seems to be unable to reply with those packets. At the beginning I thought it was because the bridge hasn't an IP, so it couldn't send packets back, but I read in http://sourceforge.net/mailarchive/forum.php?thread_id=4073001&forum_id=8573 that it is possible. I recompiled the kernel and tried anything I believed could be relevant, but nothing.

Can anyone tell me what it could be!?

I'm using Slackware 9.1 with kernel 2.6.8.1, but I tried with 2.4.22 and it didn't work either...

[]'s!
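The setup the mail describes, as an added example that is not part of the original message: a transparent Linux bridge with no IP address of its own, br_netfilter passing bridged frames to iptables, and FORWARD-chain rules keyed on the bridge port the frame arrived on, with refused TCP connections answered by "-j REJECT --reject-with tcp-reset". Interface names (eth0 outside, eth1 inside), the bridge name br0, the one permitted service port and the iproute2 bridge commands are assumptions; the script prints the commands by default and only executes them with --apply, and it does not settle the question the mail asks (whether the RST actually leaves an IP-less bridge), it only puts the pieces in the right places and checks the sysctl that must be on for bridged traffic to reach iptables at all.

```shell
#!/bin/sh
# Added example (not from the original mail). Builds the rule set for a
# transparent Linux bridge filtered by iptables. Interface names, bridge
# name and the allowed port are assumptions; override them via environment.
OUTSIDE_IF="${OUTSIDE_IF:-eth0}"
INSIDE_IF="${INSIDE_IF:-eth1}"
BRIDGE="${BRIDGE:-br0}"
ALLOWED_TCP_PORT="${ALLOWED_TCP_PORT:-80}"

# Preflight: bridged frames only traverse iptables when the br_netfilter
# hook is enabled. Returns 0 when the sysctl is readable and set to 1.
bridge_nf_enabled() {
    f=/proc/sys/net/bridge/bridge-nf-call-iptables
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# Commands that create the bridge without assigning it an IP address.
bridge_setup_cmds() {
    cat <<EOF
ip link add name $BRIDGE type bridge
ip link set $OUTSIDE_IF master $BRIDGE
ip link set $INSIDE_IF master $BRIDGE
ip link set $OUTSIDE_IF up
ip link set $INSIDE_IF up
ip link set $BRIDGE up
sysctl -w net.bridge.bridge-nf-call-iptables=1
EOF
}

# iptables rules. Bridged traffic goes through the FORWARD chain; the physdev
# match binds each rule to the bridge port the frame came in on. Everything
# from the outside that is not explicitly allowed is rejected: TCP with a
# RST, anything else with an ICMP port-unreachable.
firewall_rule_cmds() {
    cat <<EOF
iptables -F FORWARD
iptables -P FORWARD DROP
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m physdev --physdev-in $INSIDE_IF -j ACCEPT
iptables -A FORWARD -m physdev --physdev-in $OUTSIDE_IF -p tcp --dport $ALLOWED_TCP_PORT -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m physdev --physdev-in $OUTSIDE_IF -p tcp -j REJECT --reject-with tcp-reset
iptables -A FORWARD -m physdev --physdev-in $OUTSIDE_IF -j REJECT --reject-with icmp-port-unreachable
EOF
}

# Number of emitted rules that use a REJECT target (sanity check on the set).
reject_rule_count() {
    firewall_rule_cmds | grep -c -- '-j REJECT'
}

case "${1:-}" in
    --apply)
        # Execute for real (needs root, the bridge and physdev modules).
        bridge_setup_cmds | sh -e
        firewall_rule_cmds | sh -e
        bridge_nf_enabled || echo "warning: bridge-nf-call-iptables is not enabled" >&2
        ;;
    *)
        # Dry run: show what would be executed.
        bridge_setup_cmds
        firewall_rule_cmds
        ;;
esac
```

Run it without arguments to review the generated commands, then with --apply on the bridge host. The order of the REJECT rules matters: the tcp-reset rule must come before the catch-all ICMP reject, otherwise TCP probes get an ICMP error instead of a RST.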