path: root/iptables.8
diff options
authorRusty Russell <>2000-07-30 01:10:04 +0000
committerRusty Russell <>2000-07-30 01:10:04 +0000
commit14f390f569679b7b656237c74d383a3860b1cbda (patch)
tree91cee54f7083770c2770da3adcc55ab6fce82480 /iptables.8
parent8c245b5afbee1a79439e18805130a636ef96019e (diff)
Updated REJECT documentation
Diffstat (limited to 'iptables.8')
1 files changed, 10 insertions, 3 deletions
diff --git a/iptables.8 b/iptables.8
index 2fab58ba..3e899afb 100644
--- a/iptables.8
+++ b/iptables.8
@@ -530,13 +530,20 @@ returned:
The type given can be
.BR icmp-net-unreachable ,
.BR icmp-host-unreachable ,
-.BR icmp-port-unreachable or
-.BR icmp-proto-unreachable
+.BR icmp-port-unreachable ,
+.BR icmp-proto-unreachable ,
+.BR icmp-net-prohibited or
+.BR icmp-host-prohibited ,
which return the appropriate ICMP error message (port-unreachable is
the default). The option
.B echo-reply
is also allowed; it can only be used for rules which specify an ICMP
-ping packet, and generates a ping reply.
+ping packet, and generates a ping reply. Finally, the option
+.B tcp-reset
+can be used on rules in (or called from) the
+chain which only match the TCP protocol: this causes a TCP RST packet
+to be sent back.
This is used to set the 8-bit Type of Service field in the IP header.
It is only valid in the