Richard Horton wrote:
> I think all the OP means is DROP is valid policy target whereas
> REJECT isn't.

Yes.

> The big problem though is that DROP / ACCEPT as policy
> targets or jump targets require no options whereas the REJECT target
> can take options to control the returned ICMP code, which with the
> current policy handler you couldn't specify.

Ok. The limitation is a characteristic of the current policy handler, so it's a non-trivial task to allow REJECT as a default policy.

Mart Frauenlob wrote:
> you will not have control over how many (limit) and what type of icmp
> error is thrown out (would need new policy handler).

Thanks, Mart and Richard. That answers a pair of questions I was going to ask but was unsure of how to phrase.

/Lars
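
Because the policy handler takes no options, the usual way to get the behaviour discussed in this thread is to keep DROP as the policy and append a rate-limited REJECT rule as the last rule of the chain. The script below is an added example, not part of the original messages; the function names `ipt` and `reject_tail`, the `DRY_RUN` switch and the sample rate are assumptions made here.

```shell
#!/bin/sh
# Emulate a "REJECT policy": real policy stays DROP, a trailing REJECT rule
# carries the options (ICMP type, rate limit) that a policy cannot take.
# Dry-run by default: prints the commands. Set DRY_RUN=0 as root to apply.

ipt() {
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# reject_tail CHAIN RATE ICMP_TYPE
# Call it after all ACCEPT rules have been added: -A appends, so the
# REJECT rule must end up last in the chain.
reject_tail() {
    chain=$1 rate=$2 rtype=$3
    case $chain in
        INPUT|FORWARD|OUTPUT) ;;   # only built-in chains have a policy
        *) echo "reject_tail: no policy on chain: $chain" >&2; return 1 ;;
    esac
    case $rate in
        [0-9]*/second|[0-9]*/minute|[0-9]*/hour|[0-9]*/day) ;;
        *) echo "reject_tail: bad --limit rate: $rate" >&2; return 1 ;;
    esac
    case $rtype in
        icmp-net-unreachable|icmp-host-unreachable|icmp-port-unreachable|\
        icmp-proto-unreachable|icmp-net-prohibited|icmp-host-prohibited|\
        icmp-admin-prohibited) ;;
        *) echo "reject_tail: bad --reject-with type: $rtype" >&2; return 1 ;;
    esac
    # The policy itself can only be a plain, option-less target.
    ipt -P "$chain" DROP
    # Unmatched packets get an ICMP error of the chosen type, up to the
    # limit; anything over the limit falls through to the DROP policy.
    ipt -A "$chain" -m limit --limit "$rate" -j REJECT --reject-with "$rtype"
}

# Constructed sample invocation (prints two iptables commands in dry-run).
reject_tail INPUT 10/second icmp-port-unreachable
```

The rate limit bounds how many ICMP errors the host emits in response to unsolicited traffic, which is the control the quoted replies note a bare policy could not offer.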