Diffstat (limited to 'extensions/libipt_REJECT.man')
-rw-r--r-- | extensions/libipt_REJECT.man | 24 |
1 files changed, 11 insertions, 13 deletions
diff --git a/extensions/libipt_REJECT.man b/extensions/libipt_REJECT.man index d738a3d4..c419a85e 100644 --- a/extensions/libipt_REJECT.man +++ b/extensions/libipt_REJECT.man @@ -11,24 +11,22 @@ chains, and user-defined chains which are only called from those chains. The following option controls the nature of the error packet returned: .TP -.BI "--reject-with " "type" +\fB\-\-reject\-with\fP \fItype\fP The type given can be -.nf -.B " icmp-net-unreachable" -.B " icmp-host-unreachable" -.B " icmp-port-unreachable" -.B " icmp-proto-unreachable" -.B " icmp-net-prohibited" -.B " icmp-host-prohibited or" -.B " icmp-admin-prohibited (*)" -.fi -which return the appropriate ICMP error message (\fBport-unreachable\fP is +\fBicmp\-net\-unreachable\fP, +\fBicmp\-host\-unreachable\fP, +\fBicmp\-port\-unreachable\fP, +\fBicmp\-proto\-unreachable\fP, +\fBicmp\-net\-prohibited\fP, +\fBicmp\-host\-prohibited\fP or +\fBicmp\-admin\-prohibited\fP (*) +which return the appropriate ICMP error message (\fBport\-unreachable\fP is the default). The option -.B tcp-reset +\fBtcp\-reset\fP can be used on rules which only match the TCP protocol: this causes a TCP RST packet to be sent back. This is mainly useful for blocking .I ident (113/tcp) probes which frequently occur when sending mail to broken mail hosts (which won't accept your mail otherwise). .PP -(*) Using icmp-admin-prohibited with kernels that do not support it will result in a plain DROP instead of REJECT +(*) Using icmp\-admin\-prohibited with kernels that do not support it will result in a plain DROP instead of REJECT |
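Review bot: The changed line "(\fBport\-unreachable\fP is the default)" names the default without the "icmp\-" prefix, while the list directly above it spells the same type "\fBicmp\-port\-unreachable\fP". Since the line is being rewritten anyway, consider using the full name so a reader can match the default against the list of accepted values. Two smaller consistency points in the same hunk: ".I ident" is left as a macro request on an unchanged context line although every other font change here was converted to inline \fB...\fP escapes, and the footnote's "icmp\-admin\-prohibited" gets escaped hyphens but no bold, unlike the other type names. The footnote is also the one behavioural caveat in this text (REJECT degrading to a plain DROP on kernels without support), so it may be worth moving it next to the "(*)" marker in the list rather than leaving it after the tcp\-reset paragraph.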