Re: iptables REJECT types for UDP (if any)

From: Michael (mystic@tenebrous.com)
Date: 11/27/02

    Date: Wed, 27 Nov 2002 14:13:41 -0500
    From: Michael <mystic@tenebrous.com>
    To: alex@zodiac.dnsalias.org
    
    

    In the case of my setup, I have to reject with host unreachable because I drop all outbound ICMP port unreachable packets to block traceroutes.

    On Fri, 22 Nov 2002 17:31:56 +0100
    Alexander Gran <Alexander.Gran@web.de> wrote:

    > On Monday, 18 November 2002 08:13, Seth Arnold wrote:
    > > ICMP has a "port unreachable" packet that might fit this perfectly.
    > > (Type 3 code 3.) "host unreachable" is more draconian but probably gets
    > > the same message across. :)
    >
    > No, it doesn't. Using host unreachable _might_ make another system think that
    > yours is down, which is not wanted most times.
    >
    > regards
    > Alex
    >
    > - --
    > Some operating systems are called `user friendly',
    > Linux however is `expert friendly'.
    > Encrypted Mails welcome. Send spam to toZodiac@gmx.net, please.
    > PGP-Key at http://zodiac.dnsalias.org/misc/pgpkey.asc | Key-ID: 0x6D7DD291
    >
    >
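
The conflict described in the reply above (a REJECT type that the host's own outbound ICMP filter then discards) can be checked for mechanically. The following is an added example, not code from the thread: the ruleset is constructed, and the function names `sample_rules` and `reject_conflicts` are hypothetical.

```shell
# Added example (not from the thread): list REJECT rules whose ICMP error
# would be discarded by an OUTPUT-chain DROP rule in the same ruleset.
# Simplifications: filter table only, OUTPUT DROP rules matched on
# --icmp-type alone, rule order and user-defined chains ignored.

# Constructed ruleset in iptables-save format.
sample_rules() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p udp -m udp --dport 514 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p udp -j REJECT --reject-with icmp-host-unreachable
-A OUTPUT -p icmp -m icmp --icmp-type 3/3 -j DROP
COMMIT
EOF
}

# Reads iptables-save text on stdin; prints "type/code<TAB>rule" per conflict.
reject_conflicts() {
  awk '
    function code(name) {              # ICMP name -> "type/code"
      sub(/^icmp-/, "", name)
      if (name == "net-unreachable" || name == "network-unreachable") return "3/0"
      if (name == "host-unreachable") return "3/1"
      if (name == "port-unreachable") return "3/3"
      return name                      # numeric already, or not mapped here
    }
    $1 == "-A" {
      tgt = ""; rw = "icmp-port-unreachable"; it = ""   # REJECT default type
      for (i = 3; i < NF; i++) {
        if ($i == "-j") tgt = $(i + 1)
        if ($i == "--reject-with") rw = $(i + 1)
        if ($i == "--icmp-type") it = $(i + 1)
      }
      if (tgt == "REJECT") { rule[++n] = $0; rej[n] = code(rw) }
      if ($2 == "OUTPUT" && tgt == "DROP" && it != "") {
        if (it == "3" || it == "destination-unreachable") all3 = 1
        else dropped[code(it)] = 1
      }
    }
    END {
      for (k = 1; k <= n; k++)
        if ((rej[k] in dropped) || (all3 && rej[k] ~ /^3\//))
          printf "%s\t%s\n", rej[k], rule[k]
    }'
}

sample_rules | reject_conflicts
```

On a live host the same function can be fed with `iptables-save | reject_conflicts`; a flagged rule behaves like DROP to the sender because its ICMP error never leaves the machine.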


