Hello,
I've got a Cisco (877W with IOS 12.4 in my case) which uses an "access-list" to filter IP traffic on the external interface:
interface Dialer0
 [...]
 ip access-group 101 in
 [...]
[...]
access-list 101 permit tcp any host 1.2.3.4 eq www
[...]
access-list 101 deny tcp any any
[...]

The rules work fine and prevent access to TCP ports which are supposed to be protected.
If an external host does, however, try to connect to one of the protected ports, the Cisco seems to send a "host unreachable - admin prohibited filter" ICMP packet like this:

22:07:57.539673 IP 5.6.7.8 > 9.10.11.12: icmp 36: host 1.2.3.4 unreachable - admin prohibited filter

The host I'm using for testing seems to ignore these packets. The previous firewall (a NetBSD system using PF) could be configured to send a TCP-RST packet in this case. Is it possible to configure IOS to do the same?
Kind regards