On Wed, Dec 25, 2002 at 09:02:38AM -0700, Andrew Bradford wrote: > > Cisco IOS can't really provide a true "firewall", just packet > filtering, so it's either allow or drop, no other choices.
When I last looked at this, I found that IOS by default sends back an 'ICMP Admin Prohibited' packet in response to packets which get dropped. I don't know if you can convince it to send any other packet instead. I found this by accident when setting up anti-spoofing filters: a filter which blocks a spoofed packet still sends back an ICMP Admin Prohibited to the (spoofed) source address, which is pretty silly... but I never worked out how to change this behaviour. Regards, Brian. ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
