iptables -A INPUT -m tcp -p tcp --dport 22 \
    -j REJECT --reject-with icmp-host-prohibited

SSH will tell you "no route to host" even if you can ping and access other (allowed) services on the selfsame host.

That's most likely because the connect() call returns ENETUNREACH and they don't get the specific ICMP response back from the libc call.

--
Michael O'Keefe                      |          [EMAIL PROTECTED]
Live on and Ride a 03 BMW F650GSDakar|          [EMAIL PROTECTED]      / |
I like less more or less less than   |Work:+1 858 845 3514        /  |
more. UNIX-live it,love it,fork() it |Fax :+1 858 845 2652       /_p_|
My views are MINE ALONE, blah, blah, |Home:+1 760 788 1296       \`O'|
blah, yackety yack - don't come back |Fax :+1 858                _/_\|_,
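
As an added example (not part of the original thread): the sketch below shows which errno a Linux TCP client's connect() receives for each iptables `--reject-with` type, and uses that to annotate a failed connection attempt when troubleshooting a firewall. The tables follow the Linux kernel's ICMP-to-errno conversion (`icmp_err_convert`); the function names are illustrative.

```python
import errno
import os
import socket

# ICMP type 3 (destination unreachable) code sent for each --reject-with name.
REJECT_WITH_CODE = {
    "icmp-net-unreachable": 0, "icmp-host-unreachable": 1,
    "icmp-proto-unreachable": 2, "icmp-port-unreachable": 3,
    "icmp-net-prohibited": 9, "icmp-host-prohibited": 10,
    "icmp-admin-prohibited": 13,
}
# errno Linux reports on the socket for each of those codes.
CODE_ERRNO = {
    0: errno.ENETUNREACH, 1: errno.EHOSTUNREACH, 2: errno.ENOPROTOOPT,
    3: errno.ECONNREFUSED, 9: errno.ENETUNREACH, 10: errno.EHOSTUNREACH,
    13: errno.EHOSTUNREACH,
}

def errno_for_reject(reject_with):
    """errno a Linux TCP client's connect() gets for a given REJECT type."""
    if reject_with == "tcp-reset":  # answered with a TCP RST, not ICMP
        return errno.ECONNREFUSED
    return CODE_ERRNO[REJECT_WITH_CODE[reject_with]]

def reject_types_for(err):
    """REJECT types the client cannot tell apart for this errno."""
    names = list(REJECT_WITH_CODE) + ["tcp-reset"]
    return sorted(n for n in names if errno_for_reject(n) == err)

def probe(host, port, timeout=3.0):
    """Attempt a TCP connect; return (errno or None, diagnosis string)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return None, "connected"
    except socket.timeout:
        return errno.ETIMEDOUT, "no answer: DROP rule or host down"
    except OSError as e:
        hints = "/".join(reject_types_for(e.errno)) or "none"
        return e.errno, (f"{os.strerror(e.errno)}; matching REJECT types: "
                         f"{hints} (or a genuine network error)")
    finally:
        s.close()

if __name__ == "__main__":
    for name in sorted(REJECT_WITH_CODE) + ["tcp-reset"]:
        e = errno_for_reject(name)
        print(f"{name:24} -> {errno.errorcode[e]:13} {os.strerror(e)}")
```

Because several REJECT types collapse onto the same errno, the client-side error only narrows down the cause; a packet capture on the client shows the exact ICMP code.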

