>>>>> "GT" == Grant Taylor <gtaylor@xxxxxxxxxxxxxxxxx> writes:

GT> The preferred option would be to DNAT (redirect) the traffic to a
GT> mini web server that will serve up a generic web page indicating
GT> that the access has been blocked.

The GET request only gets transmitted once the three-way TCP handshake
is done. By then it's way too late to DNAT anything -- the mini web
server wouldn't get a SYN, so it would throw away the packet.

/Benny
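The reply's point as a toy model, added here as an illustration and not part of the original message: a listener only creates connection state from a SYN, so a GET rewritten to a different server after the handshake is refused, while a redirect applied from the SYN onward works. The addresses, the `Listener` class and `run()` are constructed for this example and simplify real TCP to the one rule that matters.

```python
from dataclasses import dataclass

CLIENT = ("192.0.2.10", 40000)    # constructed addresses (documentation ranges)
ORIGIN = ("198.51.100.5", 80)     # the site the client wanted
BLOCKPAGE = ("192.0.2.1", 8080)   # hypothetical mini web server

@dataclass(frozen=True)
class Segment:
    src: tuple            # client (ip, port)
    dst: tuple            # (ip, port) after any DNAT rewrite
    flags: frozenset      # TCP flags
    payload: bytes = b""

class Listener:
    """TCP endpoint reduced to: state is created by a SYN and nothing else."""
    def __init__(self):
        self.conns = {}   # client (ip, port) -> connection state

    def receive(self, seg):
        state = self.conns.get(seg.src)
        if state is None:
            if seg.flags == {"SYN"}:
                self.conns[seg.src] = "SYN_RCVD"
                return "SYN-ACK"
            # RFC 793: an ACK/data segment arriving in LISTEN is answered
            # with a reset; the payload never reaches the application.
            return "RST"
        if state == "SYN_RCVD" and "ACK" in seg.flags:
            self.conns[seg.src] = "ESTABLISHED"
            return "ESTABLISHED"
        if state == "ESTABLISHED" and seg.payload:
            return "DATA"
        return "IGNORED"

def run(redirect_from):
    """Send SYN, ACK, GET; rewrite dst to BLOCKPAGE from packet index redirect_from."""
    servers = {ORIGIN: Listener(), BLOCKPAGE: Listener()}
    packets = [
        ({"SYN"}, b""),
        ({"ACK"}, b""),
        ({"PSH", "ACK"}, b"GET /blocked HTTP/1.0\r\n\r\n"),  # constructed request
    ]
    trace = []
    for i, (flags, payload) in enumerate(packets):
        dst = BLOCKPAGE if i >= redirect_from else ORIGIN
        reply = servers[dst].receive(Segment(CLIENT, dst, frozenset(flags), payload))
        trace.append((dst[1], reply))   # (destination port, what the server did)
    return trace
```

`run(2)` models redirecting only once the GET is seen; `run(0)` models redirecting the whole connection from its first packet.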