StoneBlog.stonesoft.com

The refuse action behaves differently depending on the protocol in rule:

• For TCP packets (with any combination of flags), a TCP Reset packet is sent with proper port and sequence number settings.

• For UDP packets, an ICMP Port Unreachable (Type 3, Code 3) is sent with the eight first bytes copied from the original IP packet (exactly like they appear) in the payload.

• For ICMP packets, no responses are sent at all. This is treated like a ‘discard’ action would be used.

• For any other type of IP packets, an ICMP Protocol Unreachable (Type 3, Code 2) is sent with the eight first bytes copied from the original IP packet (exactly like they appear) in the payload.

written by christoph - 1,134 views \\ tags: action, engine, Policy, refuse, stonegate firewall