That’s a correct behavior
of iptables. If you want another error behavior use: “ …. –j REJECT –reject-with
icmp-host-unreachable” instead. From man: REJECT This is used to
send back an error packet in response to the matched packet: otherwise it is
equivalent to DROP so it is a
terminating TARGET, ending rule traversal. This target is only valid in the
INPUT, FORWARD and OUTPUT chains, and
user-defined chains which are only called from those chains. The following
option controls the nature of the error
packet returned: --reject-with type The type
given can be
icmp-net-unreachable
icmp-host-unreachable
icmp-port-unreachable
icmp-proto-unreachable
icmp-net-prohibited
icmp-host-prohibited or
icmp-admin-prohibited (*) which return
the appropriate ICMP error message (port-unreachable is the default). The
option tcp-reset can be used
on rules which only match the TCP protocol: this causes a TCP RST packet to be
sent back. This is mainly
useful for blocking ident (113/tcp) probes which frequently occur when
sending mail to broken mail hosts
(which won't accept your mail otherwise). (*) Using
icmp-admin-prohibited with kernels that do not support it will result in a
plain DROP instead of REJECT Saludos. Pablo. De: Robin-Vinet
Mathieu [mailto:robin@elda.org] Hi,
|