From e98c6ca0cd66184de43eb4c8cc34114fb72c88f6 Mon Sep 17 00:00:00 2001 From: laforge Date: Thu, 22 Jan 2004 15:04:24 +0000 Subject: split manpages into per-extension manpage snippet (Henrik Nordstrom) add lots of missing manpage snippets (Harald Welte) --- extensions/libip6t_REJECT.man | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 extensions/libip6t_REJECT.man (limited to 'extensions/libip6t_REJECT.man') diff --git a/extensions/libip6t_REJECT.man b/extensions/libip6t_REJECT.man new file mode 100644 index 0000000..75930f1 --- /dev/null +++ b/extensions/libip6t_REJECT.man @@ -0,0 +1,34 @@ +This is used to send back an error packet in response to the matched +packet: otherwise it is equivalent to +.B DROP +so it is a terminating TARGET, ending rule traversal. +This target is only valid in the +.BR INPUT , +.B FORWARD +and +.B OUTPUT +chains, and user-defined chains which are only called from those +chains. The following option controls the nature of the error packet +returned: +.TP +.BI "--reject-with " "type" +The type given can be +.nf +.B " icmp6-no-route" +.B " no-route" +.B " icmp6-adm-prohibited" +.B " adm-prohibited" +.B " icmp6-addr-unreachable" +.B " addr-unreach" +.B " icmp6-port-unreachable" +.B " port-unreach" +.fi +which return the appropriate IPv6-ICMP error message (\fBport-unreach\fP is +the default). Finally, the option +.B tcp-reset +can be used on rules which only match the TCP protocol: this causes a +TCP RST packet to be sent back. This is mainly useful for blocking +.I ident +(113/tcp) probes which frequently occur when sending mail to broken mail +hosts (which won't accept your mail otherwise). + -- cgit v1.2.3