On Friday 25 June 2004 11:44 am, Cilliè Burger wrote:
> >Hello,
> >
> >I know the rules REJECT, DENY or DROP, but is it possible to return to
> >the client the error message "no route to host" ?
> >
> >I saw that it's possible to configure this on CISCO routers, and I would
> >like to know if it's possible?
> yes, it is
>
> # man route
>
>        reject install a blocking route, which will force a route
>               lookup to fail. This is for example used to mask
>               out networks before using the default route. This
>               is NOT for firewalling.
>
> route add -host 192.168.1.2 reject
>
> # ping 192.168.1.2
> connect: Network is unreachable
>
> for more info check the route man page

This is fine, so long as you want to return this message for *all* packets
addressed to the host.

Doing it with netfilter has the advantage that you can specify selected
sources for this reject to be returned to.

The target:

-j REJECT --reject-with icmp-net-unreachable

should result in the same response as shown above.

Regards,

Antony.

-- 
GIT/E d- s+:--(-) a+ C++++$(---) UL++++$ P+(---)>++ L+++(++++)$ !E W(-) N(-) o? w--(---) O !M V+++(--) !PS !PE Y+ PGP+> t- !tv@ b+++ DI++ D--- e+++(*) h++ 5? !X- !R K--? G-

Please reply to the list; please don't CC me.
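The per-source netfilter variant described in the reply above, as an added example that is not part of the original thread. It builds the REJECT rule for a router's FORWARD chain, limited to one source prefix, and lets you pick between the net-unreachable reply shown in the thread and the host-unreachable reply (which is what a Linux client reports as "No route to host"). The source prefix and destination host are constructed values; the script only prints the rule unless DRY_RUN=0.

```bash
#!/bin/sh
# Added example: reject traffic to one host for selected sources only,
# answering with an ICMP unreachable instead of silently dropping.
# Contrast with "route add -host X reject", which answers *every* sender.
# Assumes a legacy iptables binary and a router forwarding the traffic.

# reject_rule SOURCE DEST TYPE
#   SOURCE  prefix whose packets should be rejected (e.g. 10.0.0.0/8)
#   DEST    destination host the rule applies to
#   TYPE    net  -> icmp-net-unreachable  (client sees "Network is unreachable")
#           host -> icmp-host-unreachable (client sees "No route to host")
# Prints the rule; applies it too when DRY_RUN=0 (needs root).
reject_rule() {
    src=$1; dst=$2; kind=$3
    case "$kind" in
        net)  with=icmp-net-unreachable ;;
        host) with=icmp-host-unreachable ;;
        *)    echo "reject_rule: unknown type '$kind' (use net or host)" >&2
              return 1 ;;
    esac
    rule="iptables -A FORWARD -s $src -d $dst -j REJECT --reject-with $with"
    echo "$rule"
    if [ "${DRY_RUN:-1}" = "0" ]; then
        $rule
    fi
}

# Constructed sample: clients in 10.0.0.0/8 get "No route to host" for
# 192.168.1.2, while every other source is still routed normally.
reject_rule 10.0.0.0/8 192.168.1.2 host
```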