1This is used to send back an error packet in response to the matched 2packet: otherwise it is equivalent to 3.B DROP 4so it is a terminating TARGET, ending rule traversal. 5This target is only valid in the 6.BR INPUT , 7.B FORWARD 8and 9.B OUTPUT 10chains, and user-defined chains which are only called from those 11chains. The following option controls the nature of the error packet 12returned: 13.TP 14.BI "--reject-with " "type" 15The type given can be 16.nf 17.B " icmp6-no-route" 18.B " no-route" 19.B " icmp6-adm-prohibited" 20.B " adm-prohibited" 21.B " icmp6-addr-unreachable" 22.B " addr-unreach" 23.B " icmp6-port-unreachable" 24.B " port-unreach" 25.fi 26which return the appropriate ICMPv6 error message (\fBport-unreach\fP is 27the default). Finally, the option 28.B tcp-reset 29can be used on rules which only match the TCP protocol: this causes a 30TCP RST packet to be sent back. This is mainly useful for blocking 31.I ident 32(113/tcp) probes which frequently occur when sending mail to broken mail 33hosts (which won't accept your mail otherwise). 34.B tcp-reset 35can only be used with kernel versions 2.6.14 or latter. 36 37