Question about REPLY.

Anders Fugmann email hidden
Mon Mar 3 12:25:26 CET 2003


Steven W. Orr wrote:
> Can someone tell me the functional difference between 
> 
> REPLY_AUTH="EXT tcp-reset tcp auth 0.0.0.0/0=>0.0.0.0/0"
> 
> and simply not adding auth to the INPUT rule?
In the INPUT rules it is not possible to specify how to reply to cirtan 
packets. The line given above is somewhat similar to a INPUT with policy 
REJECT (which sends port-unreachable), but it is here possible to 
specify how the packet is rejected. See the manpage for iptables for 
more information. REJECT rules are processed before any INPUT rules.

Regards
Anders Fugmann




More information about the fiaif mailing list