* Forcing an RST
@ 2006-02-20 17:45 James Strickland
  2006-02-20 18:03 ` Sven Schuster
  2006-02-20 18:05 ` Steven M Campbell
  0 siblings, 2 replies; 4+ messages in thread
From: James Strickland @ 2006-02-20 17:45 UTC (permalink / raw)
  To: netfilter

Hi. Is there a way so that when a packet reaches the filter table input
chain with the SYN flag set, that I send out a response with RST?

i.e. connections to my WAN interface with SYN set (trying to establish) on
port 80 get a RST response to the sender?




* Re: Forcing an RST
  2006-02-20 17:45 Forcing an RST James Strickland
@ 2006-02-20 18:03 ` Sven Schuster
  2006-02-20 18:05 ` Steven M Campbell
  1 sibling, 0 replies; 4+ messages in thread
From: Sven Schuster @ 2006-02-20 18:03 UTC (permalink / raw)
  To: James Strickland; +Cc: netfilter



Hi James,

On Mon, Feb 20, 2006 at 12:45:20PM -0500, James Strickland told us:
> Hi. Is there a way so that when a packet reaches the filter table input
> chain with the SYN flag set, that I send out a response with RST?
> 
> i.e. connections to my WAN interface with SYN set (trying to establish) on
> port 80 get a RST response to the sender?

iptables -A INPUT -i <your wan device> -p tcp --dport 80 \
         -j REJECT --reject-with tcp-reset

But this should not be too hard to find in any of the iptables
tutorials out there ;-), e.g.

http://iptables-tutorial.frozentux.net/iptables-tutorial.html


Have a nice day ;-)

Sven

-- 
Linux zion.homelinux.com 2.6.16-rc3-mm1_27 #27 Wed Feb 15 17:51:36 CET 2006 i686 athlon i386 GNU/Linux
 19:00:44 up 2 days, 23:16,  1 user,  load average: 0.07, 0.14, 0.18


* Re: Forcing an RST
  2006-02-20 17:45 Forcing an RST James Strickland
  2006-02-20 18:03 ` Sven Schuster
@ 2006-02-20 18:05 ` Steven M Campbell
  2006-02-20 19:18   ` Steven M Campbell
  1 sibling, 1 reply; 4+ messages in thread
From: Steven M Campbell @ 2006-02-20 18:05 UTC (permalink / raw)
  To: James Strickland; +Cc: netfilter

James Strickland wrote:
> Hi. Is there a way so that when a packet reaches the filter table input
> chain with the SYN flag set, that I send out a response with RST?
>
> i.e. connections to my WAN interface with SYN set (trying to establish) on
> port 80 get a RST response to the sender?
>
Use -p tcp --syn -j REJECT --reject-with tcp-reset





* Re: Forcing an RST
  2006-02-20 18:05 ` Steven M Campbell
@ 2006-02-20 19:18   ` Steven M Campbell
  0 siblings, 0 replies; 4+ messages in thread
From: Steven M Campbell @ 2006-02-20 19:18 UTC (permalink / raw)
  To: Steven M Campbell; +Cc: netfilter, James Strickland

Steven M Campbell wrote:
> James Strickland wrote:
>> Hi. Is there a way so that when a packet reaches the filter table input
>> chain with the SYN flag set, that I send out a response with RST?
>>
>> i.e. connections to my WAN interface with SYN set (trying to establish) on
>> port 80 get a RST response to the sender?
>>
> Use -p tcp --syn -j REJECT --reject-with tcp-reset
>
Heh, both of us got it wrong: Sven missed the SYN bit, I missed the port 80.

-p tcp --syn --dport 80 -j REJECT --reject-with tcp-reset
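
Added example, not part of the original thread: a Python model of which segments the final rule matches and which reset answers them, next to the earlier rule that lacked `--syn`. It assumes `--syn` is shorthand for `--tcp-flags SYN,RST,ACK,FIN SYN` and that the reset follows RFC 793; the helper names and packets are constructed for illustration.

```python
# Added illustration: models the match and the reply in plain Python and does
# not touch netfilter. All packets here are constructed sample data.
import struct

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10

def make_segment(sport, dport, seq, ack, flags, payload=b""):
    """Constructed input: 20-byte header, no options, window 64240, checksum 0."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                       5 << 4, flags, 64240, 0, 0) + payload

def parse_tcp(segment):
    """Decode ports, sequence numbers and flags, and measure the payload."""
    sport, dport, seq, ack, off, flags = struct.unpack("!HHIIBB", segment[:14])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": flags, "payload_len": len(segment) - (off >> 4) * 4}

def matches_rule(pkt, dport=80, syn_only=True):
    """-p tcp [--syn] --dport 80; syn_only=False is the rule without --syn."""
    if pkt["dport"] != dport:
        return False
    # --syn: of SYN, RST, ACK and FIN, only SYN may be set.
    return not syn_only or (pkt["flags"] & (SYN | RST | ACK | FIN)) == SYN

def reset_for(pkt):
    """Fields of the RST that answers pkt (RFC 793 reset generation)."""
    if pkt["flags"] & RST:
        return None  # a reset is never answered with a reset
    reply = {"sport": pkt["dport"], "dport": pkt["sport"]}
    if pkt["flags"] & ACK:
        # Segment carries an ACK: the reset takes its sequence number from it.
        reply.update(seq=pkt["ack"], ack=0, flags=RST)
    else:
        # No ACK (a fresh SYN): seq 0, acknowledge everything the segment used.
        used = pkt["payload_len"] + bool(pkt["flags"] & SYN) + bool(pkt["flags"] & FIN)
        reply.update(seq=0, ack=(pkt["seq"] + used) % 2**32, flags=RST | ACK)
    return reply

def verdict(segment, syn_only=True):
    """Return the reset the rule would send, or None if the rule does not match."""
    pkt = parse_tcp(segment)
    return reset_for(pkt) if matches_rule(pkt, syn_only=syn_only) else None

if __name__ == "__main__":
    print(verdict(make_segment(40000, 80, 1000, 0, SYN)))
    print(verdict(make_segment(40000, 80, 1001, 5000, ACK, b"GET /")))
```

With `syn_only=False` the second packet, a data segment on an existing connection, is also reset, which is the practical difference between the rule with and without `--syn`.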


