can someone explain that to me:
Chain IPSECBLOCK (2 references)
pkts bytes target prot opt in out source destination
0 0 REJECT all – * * 0.0.0.0/0 172.16.117.0/24 reject-with icmp-net-unreachable
it this an error?or normaly message?
this chain is present on all IPFire machines and is designed to prevent traffic to remote IPsec networks whose IPsec tunnels have not been established yet (information leakage prevention). Most likely 172.16.117.0/24 is a remote network of an IPsec connection you configured.
REJECT is more suitable than DROP here, since the user gets an error message faster.
The source code of the initscript executing the corresponding
iptables commands is available here.
Thanks, and best regards,