[Firehol-support] ACK RST on rejected services

Tsaousis, Costa costa at tsaousis.gr
Thu Mar 12 16:06:35 GMT 2015


Rich,

Thank you for running all tests. Very helpful!

> ✓ Implicit Reject: Logged in IN chain only, client times out

The client should not timeout, but rejected.
Are you sure the client timed out?

> ✗/✓ Implicit Accept; Implicit accept for particular service: no log, client rejected - but this is not a supported configuration anyway.

I don't get this test.
Can you explain it a bit?

Thanks!

Costa


On Thu, Mar 12, 2015 at 1:06 PM, Rich <forums at artfulrobot.uk> wrote:
> Hi Costa,
>
> I can confirm that that works as expected now:
>
> ✓ Implicit Drop: Logged in IN chain only, client times out
> ✓ Implicit Reject: Logged in IN chain only, client times out
> ✓ Implicit Drop; Explicit Drop for particular service: no log, client times
> out.
> ✓ Implicit Drop; Explicit Reject for particular service: no log, client
> rejected.
> ✓ Implicit Reject; Explicit Drop for particular service: no log, client
> times out.
> ✓ Implicit Reject; Explicit Reject for particular service: no log, client
> rejected.
> ✓ Implicit Accept; Explicit Drop for particular service: no log, client
> times out.
> ✓ Implicit Accept; Explicit Reject for particular service: no log, client
> rejected.
>
> ✗/✓ Implicit Accept; Implicit accept for particular service: no log, client
> rejected - but this is not a supported configuration anyway.
>
> Thanks.
>
> Rich
>



More information about the Firehol-support mailing list