From: Tom Peters (thopeter) <thopeter@cisco.com>
Date: Mon, 31 Oct 2022 21:08:37 +0000 (+0000)
Subject: Pull request #3640: doc: Adds more details about handling rejection
X-Git-Tag: 3.1.47.0~21
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3d5f8d72a0c9597bae9704df393980855c730e52;p=thirdparty%2Fsnort3.git

Pull request #3640: doc: Adds more details about handling rejection

Merge in SNORT/snort3 from ~LCZARNIK/snort3:doc_unreachable to master

Squashed commit of the following:

commit 65438651b394c150803993b910e6578c8602569e
Author: Lukasz Czarnik <lczarnik@cisco.com>
Date:   Thu Oct 27 13:26:58 2022 -0400

    doc: specified which packages are sent on rejection
---

diff --git a/doc/user/active.txt b/doc/user/active.txt
index 1462ade6f..3061240ef 100644
--- a/doc/user/active.txt
+++ b/doc/user/active.txt
@@ -1,7 +1,7 @@
 Snort can take more active role in securing network by sending active
 responses to shutdown offending sessions. When active responses is
-enabled, snort will send TCP RST or ICMP unreachable when dropping a
-session.
+enabled, snort will send TCP RST and ICMP unreachable when
+dropping a TCP session and ICMP unreachable packets for UDP.
 
 ==== Changes from Snort 2.9
 
@@ -64,8 +64,8 @@ Example:
 ==== Reject
 
 IPS action reject perform active response to shutdown hostile network
-session by injecting TCP resets (TCP connections) or ICMP unreachable
-packets.
+session by injecting TCP resets and ICMP unreachable for TCP
+connections, and ICMP unreachable packets for UDP.
 
 Example: