blob: c419a85e48219ab3baaf6ededc9cb84501ed7c23 (plain
This is used to send back an error packet in response to the matched
packet: otherwise it is equivalent to
so it is a terminating TARGET, ending rule traversal.
This target is only valid in the
.BR INPUT ,
chains, and user-defined chains which are only called from those
chains. The following option controls the nature of the error packet
The type given can be
which return the appropriate ICMP error message (\fBport\-unreachable\fP is
the default). The option
can be used on rules which only match the TCP protocol: this causes a
TCP RST packet to be sent back. This is mainly useful for blocking
(113/tcp) probes which frequently occur when sending mail to broken mail
hosts (which won't accept your mail otherwise).
(*) Using icmp\-admin\-prohibited with kernels that do not support it will result in a plain DROP instead of REJECT