I've got a Cisco (877W with IOS 12.4 in my case) which uses an "access-list" to filter IP traffic on the external interface:
interface Dialer0
 [...]
 ip access-group 101 in
 [...]
[...]
access-list 101 permit tcp any host 188.8.131.52 eq www
[...]
access-list 101 deny tcp any any
[...]
The rules work fine and prevent access to TCP ports which are supposed to be protected.
If an external host does, however, try to connect to one of the protected ports, the Cisco seems to send a "host unreachable - admin prohibited filter" ICMP packet like this:
22:07:57.539673 IP 184.108.40.206 > 220.127.116.11: icmp 36: host 18.104.22.168 unreachable - admin prohibited filter
The host I'm using for testing seems to ignore these packets. The previous firewall (a NetBSD system using PF) could be configured to send a TCP-RST packet in this case. Is it possible to configure IOS to do the same?