> Be more specific about "with faked IP address". If the src of icmp > dst port unreachable does not match the dst of the original request > it will simply get dropped with no effect. > > Ramin well i was talking about Fabrice Marie's patch to cvs that allows to use -j REJECT --fake-source 10.1.1.1
i would like Fabrice to elaborate on that a bit. As you Ramin noticed, icmp not elicited by our packets, will get dropped by the kernel. if we change the source ip, they will get dropped. Or not? Please explain anyone, what is the use of this patch to REJECT target. Best Regards, Maciej Soltysiak
