From owner-freebsd-current Tue May 6 00:39:01 1997
Return-Path:
Received: (from root@localhost)
        by hub.freebsd.org (8.8.5/8.8.5) id AAA22528
        for current-outgoing; Tue, 6 May 1997 00:39:01 -0700 (PDT)
Received: from ocean.campus.luth.se (ocean.campus.luth.se [130.240.194.116])
        by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id AAA22496;
        Tue, 6 May 1997 00:38:55 -0700 (PDT)
Received: (from karpen@localhost)
        by ocean.campus.luth.se (8.7.5/8.7.3) id JAA25044;
        Tue, 6 May 1997 09:43:27 +0200 (MET DST)
From: Mikael Karpberg
Message-Id: <199705060743.JAA25044@ocean.campus.luth.se>
Subject: Re: divert still broken?
To: archie@whistle.com (Archie Cobbs)
Date: Tue, 6 May 1997 09:43:27 +0200 (MET DST)
Cc: danny@panda.hilink.com.au, current@FreeBSD.ORG, hackers@FreeBSD.ORG
In-Reply-To: <199705060414.VAA11171@bubba.whistle.com> from Archie Cobbs at "May 5, 97 09:14:57 pm"
X-Mailer: ELM [version 2.4ME+ PL22 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-current@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

According to Archie Cobbs:
[...]
> > How about
> >
> >   ipfw add 1000 reset tcp from any to foo 23
> >
> > So the choices are:
> >   deny  : be silent
> >   reject: send ICMP !H
> >   reset : send RST
>
> Sounds OK with me.. anybody else care to comment?

Yeah, I think that's good. That way you can configure it as you like.
Flexibility is (almost) always a good thing.

Would it be hard to add something like "netreject", which would send !N, too?

  /Mikael