[Shorewall-users] Getting Confused - to "reject" or "REJECT"?
tis at foobar.fi
Thu Jun 12 00:22:06 PDT 2003
Tom Eastep wrote:
> The offending code is in ipt_REJECT.c and appears to be intentional. The
> net result of the change is that "REJECT --reject-with tcp-reset" will
> only work from the INPUT chain and not from the FORWARD or OUTPUT chains
> (although it does work in OUTPUT for the loopback case).
Funny. This style of systems won't work any more:
> I'm currently running some Shorewall code here that creates two
> rejection chains: reject and rejecti. The former is used in rules that
> might get invoked from the FORWARD or OUTPUT chains while the latter is
> used in cases that are known to be associated with the INPUT chain.
Does that work? Or was it so that REJECT --with tcp-reset didn't work on
the reject chain because there were references to it (reject) from other than
> This code should work ok regardless of the final resolution of the
> bug/feature and is available from the Shorewall/ project in CVS.
I could check that out.
Tuomo Soini <tis at foobar.fi>
Linux and network services
Foobar Oy <http://foobar.fi/>