Howdy
My goal is to locally block the applications on a Solaris 10 server from accessing a specific port on a remote machine. All attempts to access the <remote ip>:<remote port> should be rejected with ICMP port unreachable or with TCP RST.
I tried with the following:
block return-icmp(port-unr) out proto tcp from any to 10.118.128.79/32 port = 1521
and
block return-rst out proto tcp from any to 10.118.128.79/32 port = 1521
In both cases connections to this IP/port are timing out instead of being rejected right on the spot.
For example, the below works just fine in Linux:
# iptables -I OUTPUT -d 10.118.128.79 -p tcp --dport 1521 -j REJECT
# telnet 10.118.128.79 1521
Trying 10.118.128.79...
telnet: connect to address 10.118.128.79: Connection refused