ip6tables reject targets

ip6tables reject targets

[Nikolai Lusan]

[-- Attachment #1: Type: text/plain, Size: 430 bytes --]

Hi all,

I have been doing some more IPv6 related work of late. I attempted to
use "--reject-with" on an ip6tables REJECT - it failed. When I ran
"ip6tables -L" to see what was in there the REJECT target had
automatically added the equivalent of IPv4 
"REJECT --reject-with icmp-port-unreachable".

Does anyone know what valid options there are for the ip6tables reject
target?

-- 
Nikolai Lusan <nikolai@lusan.id.au>

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

Re: ip6tables reject targets

[Kevin Holly]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

On 08/25/2015 11:31 PM, Nikolai Lusan wrote:
> Does anyone know what valid options there are for the ip6tables reject
> target?

You can find the valid options in the ip6tables help. Remember that you can always use -h/--help to show also manual-like help information about modules, for example "iptables -m conntrack -h"

root@mail:~# ip6tables -j REJECT -h
ip6tables v1.4.14
[...]
REJECT target options:
- --reject-with type              drop input packet and send back
                                a reply packet according to type:
Valid reject types:
    icmp6-no-route              ICMPv6 no route
    no-route                    alias
    icmp6-adm-prohibited        ICMPv6 administratively prohibited
    adm-prohibited              alias
    icmp6-addr-unreachable      ICMPv6 address unreachable
    addr-unreach                alias
    icmp6-port-unreachable      ICMPv6 port unreachable
    port-unreach                alias
    tcp-reset                   TCP RST packet
    tcp-reset                   alias



Best regards

Kevin Holly - root@hallowe.lt - http://hallowe.lt/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBAgAGBQJV3PMgAAoJELAaqP3QtzpMrbIIALd6ARJe+FayKBAPPxm5AhZ1
QUJmFT0mvpxg0CkLVACZJXxT9wgS2y9ozF73BTBCyhlibVmCAnEm+HiudrtD9LUd
HFR+YwdIDPUc9aosAv6TSp5fjTzbQAiNi6O/dn8bQJolbEGn4FibwviX4Ew67zIX
IBAvIxN5uzfCDFmnpdh8vZIRyBgvnxK+keGhB8EsSgs1T9AliIc+UNEThulTq+o5
t0SOEcV9HkpQH3D9ayOS5zU68l2Q6FdWtxiGj3HnqquM8y44RoirEuCp6uNlx73b
taAffPHgE0SO8vXvjEpICtKnDkKZhvM6MyFg6jjRx3nTbFPm62bPaalDVUjlSGY=
=hx+C
-----END PGP SIGNATURE-----

Re: ip6tables reject targets

[Nikolai Lusan]

[-- Attachment #1: Type: text/plain, Size: 1255 bytes --]

Hi,
On Wed, 2015-08-26 at 00:58 +0200, Kevin Holly wrote:
> 
> You can find the valid options in the ip6tables help. Remember that 
> you can always use -h/--help to show also manual-like help 
> information about modules, for example "iptables -m conntrack -h"
> 
> root@mail:~# ip6tables -j REJECT -h
> ip6tables v1.4.14
> [...]
> REJECT target options:
> --reject-with type              drop input packet and send back
>                                 a reply packet according to type:
> Valid reject types:
>     icmp6-no-route              ICMPv6 no route
>     no-route                    alias
>     icmp6-adm-prohibited        ICMPv6 administratively prohibited
>     adm-prohibited              alias
>     icmp6-addr-unreachable      ICMPv6 address unreachable
>     addr-unreach                alias
>     icmp6-port-unreachable      ICMPv6 port unreachable
>     port-unreach                alias
>     tcp-reset                   TCP RST packet
>     tcp-reset                   alias


Thanks for that. It should have occurred to me earlier, I guess lack of
sleep is a bigger problem than I thoiught. :)

-- 
Nikolai Lusan

Email:     nikolai@lusan.id.au
Phone(H):  (07) 3136 3065
Phone(M):  0425 661 620

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 819 bytes --]