libipt_REJECT.man revision e37d45ce390c2f5a7f1e64742b9100ecef0def54
10409d995d366a12b16ea5bf1ddd9cfdec9783924Johnny ChenThis is used to send back an error packet in response to the matched 20409d995d366a12b16ea5bf1ddd9cfdec9783924Johnny Chenpacket: otherwise it is equivalent to 30409d995d366a12b16ea5bf1ddd9cfdec9783924Johnny Chen.B DROP 40409d995d366a12b16ea5bf1ddd9cfdec9783924Johnny Chenso it is a terminating TARGET, ending rule traversal. 50409d995d366a12b16ea5bf1ddd9cfdec9783924Johnny ChenThis target is only valid in the 60409d995d366a12b16ea5bf1ddd9cfdec9783924Johnny Chen.BR INPUT , 70409d995d366a12b16ea5bf1ddd9cfdec9783924Johnny Chen.B FORWARD 80409d995d366a12b16ea5bf1ddd9cfdec9783924Johnny Chenand 90409d995d366a12b16ea5bf1ddd9cfdec9783924Johnny Chen.B OUTPUT 100409d995d366a12b16ea5bf1ddd9cfdec9783924Johnny Chenchains, and user-defined chains which are only called from those 110409d995d366a12b16ea5bf1ddd9cfdec9783924Johnny Chenchains. The following option controls the nature of the error packet 120409d995d366a12b16ea5bf1ddd9cfdec9783924Johnny Chenreturned: 130409d995d366a12b16ea5bf1ddd9cfdec9783924Johnny Chen.TP 140409d995d366a12b16ea5bf1ddd9cfdec9783924Johnny Chen\fB\-\-reject\-with\fP \fItype\fP 150409d995d366a12b16ea5bf1ddd9cfdec9783924Johnny ChenThe type given can be 160409d995d366a12b16ea5bf1ddd9cfdec9783924Johnny Chen\fBicmp\-net\-unreachable\fP, 170409d995d366a12b16ea5bf1ddd9cfdec9783924Johnny Chen\fBicmp\-host\-unreachable\fP, 180409d995d366a12b16ea5bf1ddd9cfdec9783924Johnny Chen\fBicmp\-port\-unreachable\fP, 190409d995d366a12b16ea5bf1ddd9cfdec9783924Johnny Chen\fBicmp\-proto\-unreachable\fP, 200409d995d366a12b16ea5bf1ddd9cfdec9783924Johnny Chen\fBicmp\-net\-prohibited\fP, 210409d995d366a12b16ea5bf1ddd9cfdec9783924Johnny Chen\fBicmp\-host\-prohibited\fP or 220409d995d366a12b16ea5bf1ddd9cfdec9783924Johnny Chen\fBicmp\-admin\-prohibited\fP (*) 230409d995d366a12b16ea5bf1ddd9cfdec9783924Johnny Chenwhich return the appropriate ICMP error message (\fBport\-unreachable\fP is 240409d995d366a12b16ea5bf1ddd9cfdec9783924Johnny Chenthe default). The option 250409d995d366a12b16ea5bf1ddd9cfdec9783924Johnny Chen\fBtcp\-reset\fP 260409d995d366a12b16ea5bf1ddd9cfdec9783924Johnny Chencan be used on rules which only match the TCP protocol: this causes a 270409d995d366a12b16ea5bf1ddd9cfdec9783924Johnny ChenTCP RST packet to be sent back. This is mainly useful for blocking 280409d995d366a12b16ea5bf1ddd9cfdec9783924Johnny Chen.I ident 290409d995d366a12b16ea5bf1ddd9cfdec9783924Johnny Chen(113/tcp) probes which frequently occur when sending mail to broken mail 300409d995d366a12b16ea5bf1ddd9cfdec9783924Johnny Chenhosts (which won't accept your mail otherwise). 310409d995d366a12b16ea5bf1ddd9cfdec9783924Johnny Chen.PP 320409d995d366a12b16ea5bf1ddd9cfdec9783924Johnny Chen(*) Using icmp\-admin\-prohibited with kernels that do not support it will result in a plain DROP instead of REJECT 330409d995d366a12b16ea5bf1ddd9cfdec9783924Johnny Chen