Hi Steven,
Hi, I have a lot of mail servers trying to connect to my identd port (113) when sending mail to me.
<Quote> The problem comes about because the firewall silently drops the SYN packet. The e-mail server is expecting an immediate SYN-ACK (identd supported) or RST (identd not supported), but when the firewall drops the packet it keeps trying until the connection times out. http://www.robertgraham.com/pubs/firewall-seen.html#slow-email <Quote>
How do you reconfigure the firewall to RST all those connections the incoming smtp requests on the identd port (113) using "ipchains"?
You can't. The RST bit is a result from the TCP stack answering the request. The firewall rules kick in before. You can add a REJECT rule before the others that matches these packets. In this case, destination unreachable type ICMP packets are sent back. These will have the same effect as the RST TCP packets.
Thanks in advance
Steven
Thanks,
Roman.
--
Roman Drahtmüller
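
An added example, not part of the original message: a small check that shows what a sending mail server experiences on port 113 under a silent drop versus a REJECT rule. The function name, the verdict labels and the 5-second timeout are choices made for this example; the errno mapping in the comments describes Linux behaviour.

```python
import errno
import socket
import sys
import time


def classify_port(host, port=113, timeout=5.0):
    """Make one TCP connect attempt and return (verdict, elapsed_seconds).

    Verdicts (labels chosen for this example):
      open          - SYN-ACK received, something is listening
      refused       - connection actively refused: a TCP RST from the stack,
                      or (on Linux) an ICMP port-unreachable from a REJECT rule
      rejected-icmp - ICMP host/network unreachable came back
      dropped       - nothing came back before the timeout (silent drop)
    """
    start = time.monotonic()
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        verdict = "open"
    except socket.timeout:
        # The case from the quoted text: the client keeps retrying the SYN
        # until it gives up, which is what delays incoming mail.
        verdict = "dropped"
    except ConnectionRefusedError:
        verdict = "refused"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            verdict = "rejected-icmp"
        else:
            raise
    finally:
        sock.close()
    return verdict, time.monotonic() - start


if __name__ == "__main__":
    # Usage: python3 check_ident.py <your-mail-host> (run from an outside host)
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    verdict, elapsed = classify_port(target)
    print(f"{target}:113 -> {verdict} after {elapsed:.2f}s")
```

A "dropped" verdict after the full timeout means remote mail servers are waiting on identd; once the REJECT rule is in place the same check should return "refused" or "rejected-icmp" almost immediately.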