Re: --reject-with icmp-admin-prohibited

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Maciej Soltysiak" <solt@dns.toxicfilms.tv>
To: Iptables Mailing List <netfilter@lists.netfilter.org>
Subject: Re: --reject-with icmp-admin-prohibited
Date: Mon, 2 Feb 2004 16:57:29 +0100	[thread overview]
Message-ID: <00a801c3e9a5$46b3a5c0$0e25fe96@pysiak> (raw)
In-Reply-To: 1075718155.22226.41.camel@ssatchell1.pyramid.net

Hi,

> I finally looked in the source and found "icmp-admin-prohibited" but
> when I tried it with 1.2.7 it didn't work.
In order to have it working you need, iptables-1.2.8+ and kernel
2.4.22+ (i think it was around 2.4.21 when it was accepted)

These two contain the correct code for this option to work.
You are encouraged to use the latest iptables package and 2.4.22+
kernel, because with previous kernels this would not work,
using this option would result in a plain DROP instead of sending icmp.

Please use the most up2date sources. If you do not want to change
for some reason your 1.2.7 code, you would still need to patch your
kernel code to update the ipt_REJECT module, and patch your
iptables-1.2.7 sources to update libipt_REJECT userspace module.

So you'd be better of using 1.2.9 and 2.4.22+
No patching with those two running.

Regards,
Maciej
(the author of admin-prohib patch)

next prev parent reply	other threads:[~2004-02-02 15:57 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2004-02-02  7:05 layer7-filter with iptables problem hare ram
2004-02-02  7:17 ` [LARTC] " hare ram
2004-02-02  8:04 ` hare ram
2004-02-02  8:16 ` hare ram
2004-02-02 10:35   ` --reject-with icmp-admin-prohibited Stephen Satchell
2004-02-02 15:57     ` Maciej Soltysiak [this message]
2004-02-03  3:08 ` [LARTC] layer7-filter with iptables problem Nabil SEFRIOUI
2004-02-03  6:28   ` hare ram
2004-02-03  6:40     ` hare ram

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='00a801c3e9a5$46b3a5c0$0e25fe96@pysiak' \
    --to=solt@dns.toxicfilms.tv \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.