From a7cd930b9613867d2958eb2346b46966783b54d1 Mon Sep 17 00:00:00 2001
From: teastep <teastep@fbd18981-670d-0410-9b5c-8dc0c1a9a2bb>
Date: Mon, 14 Apr 2003 01:01:01 +0000
Subject: [PATCH] Add comments to REJECT improvement

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@538 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall/firewall | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/Shorewall/firewall b/Shorewall/firewall
index 5f637c654..b1f590724 100755
--- a/Shorewall/firewall
+++ b/Shorewall/firewall
@@ -3304,8 +3304,14 @@ add_common_rules() {
     #
     run_iptables -A reject -p tcp  -j REJECT --reject-with tcp-reset
     run_iptables -A reject -p udp  -j REJECT
+    #
+    # Not all versions of iptables support these so don't complain if they don't work
+    #
     qt iptables  -A reject -p icmp -j REJECT --reject-with icmp-host-unreachable
     qt iptables  -A reject         -j REJECT --reject-with icmp-host-prohibited
+    #
+    # A catchall in case the above doesn't work
+    #
     run_iptables -A reject         -j REJECT
 
     #