diff options
author | Harald Welte <laforge@gnumonks.org> | 2003-05-24 11:44:18 +0000 |
---|---|---|
committer | Harald Welte <laforge@gnumonks.org> | 2003-05-24 11:44:18 +0000 |
commit | 5a52c517ebb2c7421f57b0f00f2de6697cdd7a9c (patch) | |
tree | 8509d79b3c4781322acf5dee727d5a0d5af5cdc9 /iptables.8 | |
parent | 690a395725367c814ec20b5508a98eef9bea5bac (diff) |
finally commit the overly delayed RFC1812 admin prohibited option
Diffstat (limited to 'iptables.8')
-rw-r--r-- | iptables.8 | 7 |
1 files changed, 5 insertions, 2 deletions
@@ -864,8 +864,9 @@ The type given can be .BR icmp-host-unreachable , .BR icmp-port-unreachable , .BR icmp-proto-unreachable , -.BR "icmp-net-prohibited or" -.BR icmp-host-prohibited , +.BR icmp-net-prohibited , +.BR "icmp-host-prohibited or" +.BR "icmp-admin-prohibited (*)" which return the appropriate ICMP error message (\fBport-unreachable\fP is the default). The option .B tcp-reset @@ -874,6 +875,8 @@ TCP RST packet to be sent back. This is mainly useful for blocking .I ident (113/tcp) probes which frequently occur when sending mail to broken mail hosts (which won't accept your mail otherwise). +.TP +(*) Using icmp-admin-prohibited with kernels that do not support it will result in a plain DROP instead of REJECT .SS SNAT This target is only valid in the .B nat |