Improve REJECT processing

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@537 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-12-15 19:01:19 +01:00 · 2003-04-14 00:47:47 +00:00 · 2003-04-14 00:47:47 +00:00 · d44564fab8
commit d44564fab8
parent 16906234c8
1 changed files with 6 additions and 2 deletions
--- a/Shorewall/firewall
+++ b/Shorewall/firewall
@ -3302,8 +3302,12 @@ add_common_rules() {
    #
    # Reject Rules
    #
-    run_iptables -A reject -p tcp -j REJECT --reject-with tcp-reset
-    run_iptables -A reject -j REJECT
+    run_iptables -A reject -p tcp  -j REJECT --reject-with tcp-reset
+    run_iptables -A reject -p udp  -j REJECT
+    qt iptables  -A reject -p icmp -j REJECT --reject-with icmp-host-unreachable
+    qt iptables  -A reject         -j REJECT --reject-with icmp-host-prohibited
+    run_iptables -A reject         -j REJECT
+
    #
    # dropunclean rules
    #