add IPv6 reject packet generation (#1766)

* add IPv6 reject packet generation (ICMPv6 Destination Unreachable and TCP RST)

* use ICMPv6 code 1 (administratively prohibited) and cap body at 1000 bytes

* cleanup, use ICMP error code 13 for ipv4

* better docs

* cleanup
This commit is contained in:
Wade Simmons
2026-06-16 13:04:21 -04:00
committed by GitHub
parent 16b302c11d
commit e4cc80aaca
3 changed files with 416 additions and 21 deletions
+1 -1
View File
@@ -397,7 +397,7 @@ firewall:
# `drop` (default): silently drop the packet.
# `reject`: send a reject reply.
# - For TCP, this will be a RST "Connection Reset" packet.
# - For other protocols, this will be an ICMP port unreachable packet.
# - For other protocols, this will be an ICMP "Destination unreachable: Communication administratively prohibited" packet.
outbound_action: drop
inbound_action: drop