gabriel rosenkoetter on Thu, 16 May 2002 12:39:27 -0400

[Martin, just Cc'ing you so you know I'm not a complete ass. ;^>]

On Thu, May 16, 2002 at 11:12:58AM -0400, gabriel rosenkoetter wrote:
> The one that pisses me off most frequently is that it is literally
> impossible to return an RST packet in any way other than letting
> the packet fall through to the kernel's TCP/IP stack.

Aha! I'm wrong!

I was basing my information on an (old) USENET posting and a cursory glance at iptables(8). As Martin pointed out privately, though it's not listed in the TARGETS section of the man page (why the hell not? Oh, I see, it's a "target expansion"; whatever), Netfilter has a REJECT target, which takes a --reject-with argument... including "tcp-reset" which does what I want.

Poor documentation can (unfortunately!) hardly be counted as a point against software in the Unix world, it's more the norm.

So, with that and realizing Linux's loopback naming convention, I'm happy. :^>

-- 
gabriel rosenkoetter
gr@eclipsed.net

Attachment: pgpaXQE6qXxAM.pgp
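The REJECT target and its --reject-with tcp-reset option discussed in the message, shown as an added example that is not part of the original thread and not taken from Netfilter's own documentation. The shell functions (reject_rule, drop_rule), the fallback logic and the port 113 (ident) scenario are my own choices for illustration; the script only builds the iptables command lines and does not apply them, so it can be read and run without root.

```shell
#!/bin/sh
# Added example: building Netfilter REJECT rules, including tcp-reset.
# Nothing here is applied to a live firewall; the functions only emit the
# iptables command lines so the choice between DROP and REJECT is visible.

# reject_rule PROTO DPORT [REJECT_TYPE]
# Emits an INPUT rule that rejects traffic to DPORT with the given
# --reject-with type. tcp-reset is only meaningful (and only accepted by
# iptables) on a rule that matches -p tcp, so for any other protocol the
# function falls back to icmp-port-unreachable, which is REJECT's default.
reject_rule() {
    proto=$1
    dport=$2
    rtype=${3:-icmp-port-unreachable}
    case "$proto" in
        tcp|udp) ;;
        *) echo "reject_rule: unsupported protocol '$proto'" >&2; return 1 ;;
    esac
    if [ "$rtype" = tcp-reset ] && [ "$proto" != tcp ]; then
        # a TCP RST cannot answer a non-TCP packet; use the ICMP default instead
        rtype=icmp-port-unreachable
    fi
    printf 'iptables -A INPUT -p %s --dport %s -j REJECT --reject-with %s\n' \
        "$proto" "$dport" "$rtype"
}

# drop_rule PROTO DPORT
# The silent alternative: DROP discards the packet and sends nothing back,
# so a legitimate client sits in connect() until its own timeout expires.
drop_rule() {
    printf 'iptables -A INPUT -p %s --dport %s -j DROP\n' "$1" "$2"
}

# Worked scenario (constructed): a mail host with no identd. Remote MTAs probe
# tcp/113 before accepting mail; with DROP they wait out a timeout per message,
# with REJECT --reject-with tcp-reset they get an RST (ECONNREFUSED) at once
# and carry on. Both rules are printed side by side for comparison.
echo "# silent variant:"
drop_rule tcp 113
echo "# RST variant, as the message describes:"
reject_rule tcp 113 tcp-reset
echo "# same request on UDP falls back to the ICMP default:"
reject_rule udp 113 tcp-reset
```

The REJECT target only exists in the filter table's INPUT, FORWARD and OUTPUT chains, and tcp-reset is refused by iptables on a rule without -p tcp, which is why the helper downgrades it rather than emitting a rule that would fail to load. From a hardening standpoint, answering with an RST gives the remote side less to guess about than silence only in the sense that it behaves like a host with no listener; whether that or DROP is preferable is a policy decision, but for services like ident the RST avoids stalling legitimate peers.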