diff options
authorRusty Russell <>2000-03-24 08:39:16 +0000
committerRusty Russell <>2000-03-24 08:39:16 +0000
commita1ce9f9b8265a8c28facd52f4e3c0465dce2b9f0 (patch)
parent2f4e5d92c73906e0dc2ae42fee5c05740528e92b (diff)
Testsuite update.
2 files changed, 4 insertions, 12 deletions
diff --git a/extensions/libipt_REJECT.c b/extensions/libipt_REJECT.c
index f174c6a3..3f5c128a 100644
--- a/extensions/libipt_REJECT.c
+++ b/extensions/libipt_REJECT.c
@@ -26,10 +26,8 @@ static const struct reject_names reject_table[] = {
IPT_ICMP_PORT_UNREACHABLE, "ICMP port unreachable (default)"},
{"icmp-proto-unreachable", "proto-unreach",
IPT_ICMP_PROT_UNREACHABLE, "ICMP protocol unreachable"},
- {"tcp-reset", "rst",
- IPT_TCP_RESET, "for TCP only: faked TCP RST"},
{"echo-reply", "echoreply",
- IPT_ICMP_ECHOREPLY, "for ICMP echo only: faked ICMP echo reply"},
+ IPT_ICMP_ECHOREPLY, "for ICMP echo only: faked ICMP echo reply"}
static void
diff --git a/iptables.8 b/iptables.8
index 8422711d..c226cef9 100644
--- a/iptables.8
+++ b/iptables.8
@@ -533,16 +533,10 @@ The type given can be
.BR icmp-port-unreachable or
.BR icmp-proto-unreachable
which return the appropriate ICMP error message (net-unreachable is
-the default). The following special types are also allowed:
-.B tcp-reset
-is only valid if the rule also specifies
-.BR "-p tcp" ,
-and generates a TCP reset packet in response. This is generally not a
-good idea (modern stacks should deal with ICMPs on TCP connection
-initiation attempts).
+the default). The option
.B echo-reply
-can only be used for rules which specify an ICMP ping packet, and
-generates a ping reply.
+is also allowed; it can only be used for rules which specify an ICMP
+ping packet, and generates a ping reply.
This is used to set the 8-bit Type of Service field in the IP header.
It is only valid in the