diff options
Diffstat (limited to 'extensions/libip6t_REJECT.man')
-rw-r--r-- | extensions/libip6t_REJECT.man | 26 |
1 files changed, 12 insertions, 14 deletions
diff --git a/extensions/libip6t_REJECT.man b/extensions/libip6t_REJECT.man index 877a769c..2d09e050 100644 --- a/extensions/libip6t_REJECT.man +++ b/extensions/libip6t_REJECT.man @@ -11,25 +11,23 @@ chains, and user-defined chains which are only called from those chains. The following option controls the nature of the error packet returned: .TP -.BI "--reject-with " "type" +\fB\-\-reject\-with\fP \fItype\fP The type given can be -.nf -.B " icmp6-no-route" -.B " no-route" -.B " icmp6-adm-prohibited" -.B " adm-prohibited" -.B " icmp6-addr-unreachable" -.B " addr-unreach" -.B " icmp6-port-unreachable" -.B " port-unreach" -.fi -which return the appropriate ICMPv6 error message (\fBport-unreach\fP is +\fBicmp6\-no\-route\fP, +\fBno\-route\fP, +\fBicmp6\-adm\-prohibited\fP, +\fBadm\-prohibited\fP, +\fBicmp6\-addr\-unreachable\fP, +\fBaddr\-unreach\fP, +\fBicmp6\-port\-unreachable\fP or +\fBport\-unreach\fP +which return the appropriate ICMPv6 error message (\fBport\-unreach\fP is the default). Finally, the option -.B tcp-reset +\fBtcp\-reset\fP can be used on rules which only match the TCP protocol: this causes a TCP RST packet to be sent back. This is mainly useful for blocking .I ident (113/tcp) probes which frequently occur when sending mail to broken mail hosts (which won't accept your mail otherwise). -.B tcp-reset +\fBtcp\-reset\fP can only be used with kernel versions 2.6.14 or later. |