On Tue, 2002-11-12 at 12:59, Steffen Dettmer wrote:
* Raymond Leach wrote on Tue, Nov 12, 2002 at 12:08 +0200:
On Tue, 2002-11-12 at 12:07, Steffen Dettmer wrote:
Well, wouldn't it be possible that the "--reject-with tcp-reset" generates the TCP RST packet?!
Yes, but then why is it generated as being from the targeted server instead of the firewall? That means that I have to allow the target server to 'respond' to smtp 25 packets with a forwarding rule, or live with the entries in the log and one more packet on the network ...
Otherwise, the client would get an RST from a destination it never tried to contact and would discard the packet.
OK, but then do I still need to forward the smtp ACK RST packets that are generated, or should I just change the rule to DROP instead of REJECT?