Trying out the new block return/drop rules the other day, I was pleasantly surprised to discover that UDP /and/ ICMP packets elicit an ICMP destination unreachable packet on matching a ``drop return'' rule, despite the ICMP being included in the, ``and all other packets are dropped silently,'' description of the return function in the manpage. I also want to compliment the developers on implementing the block return/drop syntax as it allows for a cleaner ruleset. -- mls
- Re: block return/drop Matthew L. Shobe
- Re: block return/drop Henning Brauer
