From a1ce9f9b8265a8c28facd52f4e3c0465dce2b9f0 Mon Sep 17 00:00:00 2001 From: Rusty Russell Date: Fri, 24 Mar 2000 08:39:16 +0000 Subject: [PATCH] Testsuite update. --- extensions/libipt_REJECT.c | 4 +--- iptables.8 | 12 +++--------- 2 files changed, 4 insertions(+), 12 deletions(-) diff --git a/extensions/libipt_REJECT.c b/extensions/libipt_REJECT.c index f174c6a3..3f5c128a 100644 --- a/extensions/libipt_REJECT.c +++ b/extensions/libipt_REJECT.c @@ -26,10 +26,8 @@ static const struct reject_names reject_table[] = { IPT_ICMP_PORT_UNREACHABLE, "ICMP port unreachable (default)"}, {"icmp-proto-unreachable", "proto-unreach", IPT_ICMP_PROT_UNREACHABLE, "ICMP protocol unreachable"}, - {"tcp-reset", "rst", - IPT_TCP_RESET, "for TCP only: faked TCP RST"}, {"echo-reply", "echoreply", - IPT_ICMP_ECHOREPLY, "for ICMP echo only: faked ICMP echo reply"}, + IPT_ICMP_ECHOREPLY, "for ICMP echo only: faked ICMP echo reply"} }; static void diff --git a/iptables.8 b/iptables.8 index 8422711d..c226cef9 100644 --- a/iptables.8 +++ b/iptables.8 @@ -533,16 +533,10 @@ The type given can be .BR icmp-port-unreachable or .BR icmp-proto-unreachable which return the appropriate ICMP error message (net-unreachable is -the default). The following special types are also allowed: -.B tcp-reset -is only valid if the rule also specifies -.BR "-p tcp" , -and generates a TCP reset packet in response. This is generally not a -good idea (modern stacks should deal with ICMPs on TCP connection -initiation attempts). +the default). The option .B echo-reply -can only be used for rules which specify an ICMP ping packet, and -generates a ping reply. +is also allowed; it can only be used for rules which specify an ICMP +ping packet, and generates a ping reply. .SS TOS This is used to set the 8-bit Type of Service field in the IP header. It is only valid in the -- 2.47.3