Firewall iptables

can someone explain that to me:


Chain IPSECBLOCK (2 references)
pkts bytes target prot opt in out source destination
0 0 REJECT all – * * reject-with icmp-net-unreachable

it this an error?or normaly message?


this chain is present on all IPFire machines and is designed to prevent traffic to remote IPsec networks whose IPsec tunnels have not been established yet (information leakage prevention). Most likely is a remote network of an IPsec connection you configured.

REJECT is more suitable than DROP here, since the user gets an error message faster.

The source code of the initscript executing the corresponding iptables commands is available here.

Thanks, and best regards,
Peter Müller

1 Like

thank you Peter