TCP 'Connection Refused' is sent by the LTM in case no VS is configured on this port. Can this be changed?

Question

Due to Security Guidelines, I have to change the default behaviour of the LTM to suppress the 'Connection Refused' replies in case a TCP Connection is tried to be established to an unused TCP Port.&nbsp;
I know that this could be done using the Packet Filter - but I would like to avoid the use of the Packet Filter.
An Idea would be to create a VS which matches to any port and attach an iRule which drops the request. But as this would increase the load on the F5 it's no option....
Is it possible to change the behaviour of the TMM?&nbsp;
Thanks,
Rolf&nbsp;

petewhite · Answer

This may help&nbsp;
SOL13151: Configuring the rate at which the BIG-IP system issues TCP RSTs or ICMP unreachable packets (11.x)&nbsp;

mike_maher · Answer

In what manner do you want it to respond to this scenario?

Forum Discussion

TCP 'Connection Refused' is sent by the LTM in case no VS is configured on this port. Can this be changed?

2 Replies

Recent Discussions

Client certificate Authentication - open multiple tabs

google autenticator broken barcode

Chrome V 124+ on MacOS - Virtual Server Access Issue

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Port Group on F5OS network setting

Related Content

Certificate Expiry Email alert configuration

F5 Connection Mirroring question

DevCentral Connects hosts Capture the Flag!

I need an irule to decline/refuse/ an incomming tcp session from a source to a vip (ip address/port)

relocation cpu core on vcmp host the guest configuration back to default configuration