"icmp-port-unreachable"
daniele giacomini
daniele@swlibero.org
Mon, 9 Jul 2001 11:42:16 +0200 (CEST)
Thank you all for your answers.
I just add this to explain better what I meant. If there is nothing to
add, I don't expect other replys.
On Sun, 8 Jul 2001, Chris Allan wrote:
[...]
>> # iptables -A INPUT -p tcp -s 127.0.0.1 -d 127.0.0.1 -dport 80 -j REJECT
>>
>> # iptables -L INPUT
>>
>> Chain INPUT (policy ACCEPT)
>> target prot opt source destination
>> REJECT tcp -- localhost localhost tcp dpt:www reject-with icmp-port-unreachable
>>
>> Is it correct "icmp-port-unreachable"?
>
>Yes, this is correct, here you're specifying the response to a TCP
>packet. In this case you're sending, in response, an
>ICMP-port-unreachable packet.
Of course; I meant that I thought more logic something like:
REJECT tcp -- localhost localhost tcp dpt:www reject-with icmp type port-unreachable
so, with -n, I could have also:
REJECT tcp -- 127.0.0.1 127.0.0.1 tcp dpt:80 reject-with icmp type 3/3
I mean that icmp-port-unreachable seems the name of something, and
instead it is the description of what happens.
Saluti/Regards/Grüße,
daniele giacomini - Treviso, Italy