Author: Fabrice MARIE <fabrice@netfilter.org>
Status: It Works For Me.

Adds the possibility to send icmp-unreachable messages
from a fake source IP address. The original destination of the packet will be
used as the source of the icmp-unreach.

To make it so that the icmp-unreach seems to come from the destination host:
# iptables -A FORWARD -p tcp -d 202.156.58.0/24 --dport domain -j REJECT --fake-source
# iptables --list
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     tcp  --  anywhere             202.156.58.0/24    tcp dpt:domain reject-with icmp-port-unreachable source-faked

***** WARNING ***** This patch also patches the userspace directory, which means that
                    you have to recompile and reinstall the iptables package after that.