author Harald Welte <laforge@gnumonks.org> 2003-05-24 11:44:18 +0000
committer Harald Welte <laforge@gnumonks.org> 2003-05-24 11:44:18 +0000
commit 5a52c517ebb2c7421f57b0f00f2de6697cdd7a9c
tree 8509d79b3c4781322acf5dee727d5a0d5af5cdc9 /iptables.8
parent 690a395725367c814ec20b5508a98eef9bea5bac
finally commit the overly delayed RFC1812 admin prohibited option
Diffstat (limited to 'iptables.8')
-rw-r--r-- iptables.8 7
1 files changed, 5 insertions, 2 deletions
diff --git a/iptables.8 b/iptables.8
index bd58e09c..f73ff462 100644
--- a/iptables.8
+++ b/iptables.8
@@ -864,8 +864,9 @@ The type given can be
.BR icmp-host-unreachable ,
.BR icmp-port-unreachable ,
.BR icmp-proto-unreachable ,
-.BR "icmp-net-prohibited or"
-.BR icmp-host-prohibited ,
+.BR icmp-net-prohibited ,
+.BR "icmp-host-prohibited or"
+.BR "icmp-admin-prohibited (*)"
which return the appropriate ICMP error message (\fBport-unreachable\fP is
the default). The option
.B tcp-reset
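Review bot: The footnote marker on the added line `.BR "icmp-admin-prohibited (*)"` sits inside the quoted bold argument, so "(*)" renders in bold as if it were part of the type name, and a reader copying the option from the rendered page may include it. Splitting it into a second argument, as in `.BR icmp-admin-prohibited " (*)"`, keeps the name bold and the marker in roman. The same applies to the "or" in `.BR "icmp-host-prohibited or"`, although that follows the style of the line being removed.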
@@ -874,6 +875,8 @@ TCP RST packet to be sent back. This is mainly useful for blocking
.I ident
(113/tcp) probes which frequently occur when sending mail to broken mail
hosts (which won't accept your mail otherwise).
+.TP
+(*) Using icmp-admin-prohibited with kernels that do not support it will result in a plain DROP instead of REJECT
.SS SNAT
This target is only valid in the
.B nat
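Review bot: The added `.TP` is followed directly by the whole footnote sentence, so the macro takes that sentence as the paragraph tag and leaves no body before `.SS SNAT`. Put `(*)` alone on the line after `.TP` and the sentence on the next line, and end it with a period. The footnote also lands after the tcp-reset paragraph rather than next to the type list that carries the marker. Since the fallback it describes changes REJECT into a plain DROP, meaning no ICMP error is returned to the sender, it would help to say how an administrator can tell whether the running kernel supports the type; the visible text gives no version or check.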