brovvnout at gmail
Aug 16, 2007, 8:19 AM
Post #1 of 1
(501 views)
Permalink
|
|
--reject-with tcp-reset doesn't work in IPv6
|
|
I'm trying to figure out how to set up a rule to reply properly to a
connection attempt to a filtered port, with no success.
ip6tables -I INPUT -p tcp --dport 23 -j REJECT --reject-with tcp-reset
sends an icmp6-port-unreachable (default action for REJECT);
removing the rule (i.e.: trying to connect to a closed unfiltered port)
produces the expected RST.
No problems getting other error messages (icmp6-no-route,
icmp6-addr-unreachable, ...).
send_reset() is defined in net/ipv6/netfilter/ip6t_REJECT.c and looks like
is called properly in reject6_target().
With IPv4 always worked fine. I'm using vanilla kernel 2.6.22.3 and
iptables 1.3.8.
|
