summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorrusty <rusty>2000-07-30 01:10:04 +0000
committerrusty <rusty>2000-07-30 01:10:04 +0000
commit64907cece9311d1c339b15eda3f3b4d43f916764 (patch)
tree91cee54f7083770c2770da3adcc55ab6fce82480
parent45d299bd79bac718a369e0c191bad158471ff91f (diff)
Updated REJECT documentation
-rw-r--r--iptables.813
1 files changed, 10 insertions, 3 deletions
diff --git a/iptables.8 b/iptables.8
index 2fab58b..3e899af 100644
--- a/iptables.8
+++ b/iptables.8
@@ -530,13 +530,20 @@ returned:
The type given can be
.BR icmp-net-unreachable ,
.BR icmp-host-unreachable ,
-.BR icmp-port-unreachable or
-.BR icmp-proto-unreachable
+.BR icmp-port-unreachable ,
+.BR icmp-proto-unreachable ,
+.BR icmp-net-prohibited or
+.BR icmp-host-prohibited ,
which return the appropriate ICMP error message (port-unreachable is
the default). The option
.B echo-reply
is also allowed; it can only be used for rules which specify an ICMP
-ping packet, and generates a ping reply.
+ping packet, and generates a ping reply. Finally, the option
+.B tcp-reset
+can be used on rules in (or called from) the
+.B INPUT
+chain which only match the TCP protocol: this causes a TCP RST packet
+to be sent back.
.SS TOS
This is used to set the 8-bit Type of Service field in the IP header.
It is only valid in the