REJECT patch
From kadlec@blackhole.kfki.hu Mon Sep 17 10:07:25 2001
Date: Thu, 9 Mar 2000 11:11:07 +0100 (CET)
From: Jozsef Kadlecsik
To: Multiple recipients of list NETFILTER
Subject: REJECT patch

Hello,

This is the newest revision of the REJECT patch. It adds the possibility
to send back customized reject packets: ICMP net/host/port/proto
unreachable, faked TCP RST for TCP and faked ICMP echo reply for ICMP echo
request. There is a restriction: rejecting with TCP RST can be used
in INPUT and FORWARD rules only.

For the internals: why don't I use icmp_send, when the patch would be
much simpler and nicer?
All routines call ip_send finally, which means the generated packets are
seen by the POSTROUTING hooks only. If icmp_send were used,
the generated packets would be seen by the OUTPUT rules too. By avoiding
icmp_send, there is no need to set up special rules just to let out the
reject packets.

netfilter-0.90.4.patch.bz2
netfilter-0.90.4-kernel.patch