Error responce when limiting access

Error responce when limiting access

[Mogens Valentin]

Using iptables, I can of cause deny access to cirtain IP addresses or
websites, however, I'd like to make sure clients do not just get a
timeout, not found or something alike.
AFICS, it'll be difficult to set some errorresponce a browser can
understand, allowing it to display a meaningful errorresponce.

-- 
Kind regards / venlig hilsen,
Mogens Valentin, Mr Dev

IT Networking, Security, Server Setup
www.danbbs.dk/~monz   mrdev@danbbs.dk
Phone +45 32 525 878  Cell 51 227 668

Re: Error responce when limiting access

[Chris Wilson]

Hi Mogens,

> Using iptables, I can of cause deny access to cirtain IP addresses or
> websites, however, I'd like to make sure clients do not just get a
> timeout, not found or something alike.
> AFICS, it'll be difficult to set some errorresponce a browser can
> understand, allowing it to display a meaningful errorresponce.

Use a DNAT rule to redirect them to a local web server, or a Squid proxy 
which is configured to deny all requests. Then you can configure these 
to serve up a suitable error page which you can design yourself.

Cheers, Chris.
-- 
   ___ __     _
 / __// / ,__(_)_  | Chris Wilson -- UNIX Firewall Lead Developer |
/ (_ / ,\/ _/ /_ \ | NetServers.co.uk http://www.netservers.co.uk |
\ _//_/_/_//_/___/ | 21 Signet Court, Cambridge, UK. 01223 576516 |

Re: Error responce when limiting access

[Matt Hellman]

Mogens Valentin wrote:

>Using iptables, I can of cause deny access to cirtain IP addresses or
>websites, however, I'd like to make sure clients do not just get a
>timeout, not found or something alike.
>AFICS, it'll be difficult to set some errorresponce a browser can
>understand, allowing it to display a meaningful errorresponce.
>
>  
>
Use a tcp reset instead of just dropping the packet.  Try -j REJECT.