Horsnell T. wrote:
> Hi all,
> Am I being an idiot here?
> I want to set a rule to REJECT (rather than DROP)
> attempts to access port 80, but iptables won't let me.
>
> # iptables --version
> iptables v1.2.5
>
> # iptables -A FORWARD -i eth1 -o eth0 -p tcp --dport 80 -j REJECT
> iptables: No chain/target/match by that name

Try:

    iptables -A FORWARD -p tcp -i eth1 -o eth0 --dport 80 -j REJECT --reject-with tcp-reset

(You can omit --reject-with tcp-reset, but I like it. It tells the sender
AFAIK 'port unreachable' => no retries to connect.)

Olaf
