Re: firewall, reject: icmp vs. tcp

Alan Cox (iialan@iifeak.swan.ac.uk)
Tue, 9 Apr 1996 14:59:32 +0100 (BST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Jason Eggleston: "PPP slowdown "proof" tcpdump"
Previous message: Ulrich Windl: "Re: PATCH: ramdisk loading status display is corrupted"
In reply to: Herbert Rosmanith: "firewall, reject: icmp vs. tcp"
Next in thread: Ulrich Windl: "Re: firewall, reject: icmp vs. tcp"

> e.g. "ipfwadm -I -a reject -S <source> -D <dest> <port> -P tcp", then
> on the host <source> requesting for that connection, ICMP packets
> arrive telling something like "port unreachable".
>
> unfortunately, some tcp/ip stacks, at least win/NT and w95, do not understand
> these icmp packets and continue to try to open a connection until a timeout
> occurres.

I would suggest you refer the problem to microsoft. Using reject also upsets
older HP/UX machines in fun ways. I'd refer that to HP (and get an up to
date HP/UX.

Alan

Next message: Jason Eggleston: "PPP slowdown "proof" tcpdump"
Previous message: Ulrich Windl: "Re: PATCH: ramdisk loading status display is corrupted"
In reply to: Herbert Rosmanith: "firewall, reject: icmp vs. tcp"
Next in thread: Ulrich Windl: "Re: firewall, reject: icmp vs. tcp"