[CLUE-Tech] Here's an idea.
Keith Hellman
kehellman at yahoo.com
Tue Apr 22 08:52:56 MDT 2003
On Mon, Apr 21, 2003 at 03:59:58PM -0600, David Anselmi wrote:
> Keith Hellman wrote:
> >A little embarrassing, but I've done this SO MANY times, I'm sure ssh
> >connections persist while drop rules are changed.
>
> Probably lose the connection if the rule is reject.
I dunno. I know that REJECT naks the syn (is that right?) instead of
just ignoring it. But in this scenario, we are talking about a
connection that is already past the handshake...
...wait a minute...
Just tried iptables -F INPUT && iptables -A INPUT -j REJECT,
(I lost the ssh connection), but it came back to life after I restored
the correct rules. The man page says that REJECT==DROP except that it
naks the syn packet - perhaps this result should be expected.
YMMV
--
Keith Hellman #include <disclaimer.h>
kehellman at yahoo.com from disclaimer import standard
Experience is a harsh teacher. She gives the test before you learn the
lesson.