I just want to make sure I'm understanding this correctly.

    block-policy return
        TCP packets are dropped with a TCP RST, UDP packets are dropped
        with an ICMP UNREACHABLE, and all other packets are dropped
        silently.

Does this also do return-ipv6-icmp for ipv6/udp and return-rst for ipv6
tcp?
Is my understanding correct in that:

    block-policy return
    block out log all
    block in log all

is NOT equivalent to:

    block out log all
    block in log all
    block return-rst out log inet proto tcp all
    block return-rst in log inet proto tcp all
    block return-icmp out log inet proto udp all
    block return-icmp in log inet proto udp all

since tcp/udp are not implied..? so I would have to specify:

    block in/out log inet proto tcp/udp all

as well?
- jolan