This is used to send back an error packet in response to the matched
packet: otherwise it is equivalent to
.B DROP
so it is a terminating TARGET, ending rule traversal.
This target is only valid in the
.BR INPUT ,
.B FORWARD
and
.B OUTPUT
chains, and user-defined chains which are only called from those
chains.  The following option controls the nature of the error packet
returned:
.TP
\fB\-\-reject\-with\fP \fItype\fP
The type given can be
\fBicmp\-net\-unreachable\fP,
\fBicmp\-host\-unreachable\fP,
\fBicmp\-port\-unreachable\fP,
\fBicmp\-proto\-unreachable\fP,
\fBicmp\-net\-prohibited\fP,
\fBicmp\-host\-prohibited\fP or
\fBicmp\-admin\-prohibited\fP (*)
which return the appropriate ICMP error message (\fBport\-unreachable\fP is
the default).  The option
\fBtcp\-reset\fP
can be used on rules which only match the TCP protocol: this causes a
TCP RST packet to be sent back.  This is mainly useful for blocking
.I ident
(113/tcp) probes which frequently occur when sending mail to broken mail
hosts (which won't accept your mail otherwise).
.PP
(*) Using icmp\-admin\-prohibited with kernels that do not support it will result in a plain DROP instead of REJECT.
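The constraints above (valid chains, the permitted reject types, tcp-reset only on TCP-only rules) can be checked before a rule is ever loaded. The following is an added example, not part of the original manual page or the iptables project; the function name reject_rule, its argument order and the use of "-" for "no port" are assumptions of this example, and it only prints the command line rather than applying it.

```shell
#!/bin/sh
# Added example: build an iptables REJECT rule as text and refuse the
# combinations the manual text rules out. Nothing is applied to the kernel.
# reject_rule CHAIN PROTO DPORT [TYPE]   (hypothetical helper; DPORT "-" = none)
reject_rule() {
    chain=$1; proto=$2; dport=$3; rtype=${4:-icmp-port-unreachable}

    # REJECT is valid in INPUT, FORWARD and OUTPUT. User-defined chains called
    # only from those are valid too, but that cannot be verified from here,
    # so this helper accepts the three built-in chains only.
    case $chain in
        INPUT|FORWARD|OUTPUT) ;;
        *) echo "REJECT is not valid in chain $chain" >&2; return 2 ;;
    esac

    case $rtype in
        icmp-net-unreachable|icmp-host-unreachable|icmp-port-unreachable) ;;
        icmp-proto-unreachable|icmp-net-prohibited|icmp-host-prohibited) ;;
        icmp-admin-prohibited)
            # The (*) caveat: unsupported kernels silently behave like DROP.
            echo "note: a kernel lacking icmp-admin-prohibited support will DROP instead of REJECT" >&2 ;;
        tcp-reset)
            # A TCP RST is only allowed on rules that match the TCP protocol.
            [ "$proto" = tcp ] || { echo "tcp-reset requires -p tcp" >&2; return 2; }
            ;;
        *) echo "unknown --reject-with type: $rtype" >&2; return 2 ;;
    esac

    set -- iptables -A "$chain" -p "$proto"
    # --dport only exists for protocols that have ports.
    case $proto in
        tcp|udp) [ "$dport" = - ] || set -- "$@" --dport "$dport" ;;
    esac
    echo "$@" -j REJECT --reject-with "$rtype"
}

# Constructed usage: answer ident (113/tcp) probes with a TCP RST.
reject_rule INPUT tcp 113 tcp-reset
```

Answering ident probes with a RST lets the remote mail host fail fast instead of waiting for a timeout, which is the use case the text describes.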