Hi, > I finally looked in the source and found "icmp-admin-prohibited" but > when I tried it with 1.2.7 it didn't work. In order to have it working you need, iptables-1.2.8+ and kernel 2.4.22+ (i think it was around 2.4.21 when it was accepted) These two contain the correct code for this option to work. You are encouraged to use the latest iptables package and 2.4.22+ kernel, because with previous kernels this would not work, using this option would result in a plain DROP instead of sending icmp. Please use the most up2date sources. If you do not want to change for some reason your 1.2.7 code, you would still need to patch your kernel code to update the ipt_REJECT module, and patch your iptables-1.2.7 sources to update libipt_REJECT userspace module. So you'd be better of using 1.2.9 and 2.4.22+ No patching with those two running. Regards, Maciej (the author of admin-prohib patch)
