aboutsummaryrefslogtreecommitdiffstats
path: root/extensions/libipt_REJECT.man
diff options
context:
space:
mode:
Diffstat (limited to 'extensions/libipt_REJECT.man')
-rw-r--r--extensions/libipt_REJECT.man8
1 files changed, 4 insertions, 4 deletions
diff --git a/extensions/libipt_REJECT.man b/extensions/libipt_REJECT.man
index c419a85e..8a360ce7 100644
--- a/extensions/libipt_REJECT.man
+++ b/extensions/libipt_REJECT.man
@@ -18,9 +18,9 @@ The type given can be
\fBicmp\-port\-unreachable\fP,
\fBicmp\-proto\-unreachable\fP,
\fBicmp\-net\-prohibited\fP,
-\fBicmp\-host\-prohibited\fP or
-\fBicmp\-admin\-prohibited\fP (*)
-which return the appropriate ICMP error message (\fBport\-unreachable\fP is
+\fBicmp\-host\-prohibited\fP, or
+\fBicmp\-admin\-prohibited\fP (*),
+which return the appropriate ICMP error message (\fBicmp\-port\-unreachable\fP is
the default). The option
\fBtcp\-reset\fP
can be used on rules which only match the TCP protocol: this causes a
@@ -28,5 +28,5 @@ TCP RST packet to be sent back. This is mainly useful for blocking
.I ident
(113/tcp) probes which frequently occur when sending mail to broken mail
hosts (which won't accept your mail otherwise).
-.PP
+.IP
(*) Using icmp\-admin\-prohibited with kernels that do not support it will result in a plain DROP instead of REJECT
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-03 10:12:21 +0000