# reject with icmp type host-unreachable
[
{
"reject": {
"expr": "host-unreachable",
"type": "icmp"
}
}
]
# reject with icmp type net-unreachable
[
{
"reject": {
"expr": "net-unreachable",
"type": "icmp"
}
}
]
# reject with icmp type prot-unreachable
[
{
"reject": {
"expr": "prot-unreachable",
"type": "icmp"
}
}
]
# reject with icmp type port-unreachable
[
{
"reject": {
"expr": "port-unreachable",
"type": "icmp"
}
}
]
# reject with icmp type net-prohibited
[
{
"reject": {
"expr": "net-prohibited",
"type": "icmp"
}
}
]
# reject with icmp type host-prohibited
[
{
"reject": {
"expr": "host-prohibited",
"type": "icmp"
}
}
]
# reject with icmp type admin-prohibited
[
{
"reject": {
"expr": "admin-prohibited",
"type": "icmp"
}
}
]
# reject with icmpv6 type no-route
[
{
"reject": {
"expr": "no-route",
"type": "icmpv6"
}
}
]
# reject with icmpv6 type admin-prohibited
[
{
"reject": {
"expr": "admin-prohibited",
"type": "icmpv6"
}
}
]
# reject with icmpv6 type addr-unreachable
[
{
"reject": {
"expr": "addr-unreachable",
"type": "icmpv6"
}
}
]
# reject with icmpv6 type port-unreachable
[
{
"reject": {
"expr": "port-unreachable",
"type": "icmpv6"
}
}
]
# mark 12345 ip protocol tcp reject with tcp reset
[
{
"match": {
"left": {
"meta": { "key": "mark" }
},
"op": "==",
"right": 12345
}
},
{
"match": {
"left": {
"payload": {
"field": "protocol",
"protocol": "ip"
}
},
"op": "==",
"right": "tcp"
}
},
{
"reject": {
"type": "tcp reset"
}
}
]
# reject
[
{
"reject": null
}
]
# ether type ip reject
[
{
"match": {
"left": {
"payload": {
"field": "type",
"protocol": "ether"
}
},
"op": "==",
"right": "ip"
}
},
{
"reject": null
}
]
# ether type ip6 reject
[
{
"match": {
"left": {
"payload": {
"field": "type",
"protocol": "ether"
}
},
"op": "==",
"right": "ip6"
}
},
{
"reject": null
}
]
# reject with icmpx type host-unreachable
[
{
"reject": {
"expr": "host-unreachable",
"type": "icmpx"
}
}
]
# reject with icmpx type no-route
[
{
"reject": {
"expr": "no-route",
"type": "icmpx"
}
}
]
# reject with icmpx type admin-prohibited
[
{
"reject": {
"expr": "admin-prohibited",
"type": "icmpx"
}
}
]
# reject with icmpx type port-unreachable
[
{
"reject": {
"expr": "port-unreachable",
"type": "icmpx"
}
}
]
# ether type ip reject with icmpx type admin-prohibited
[
{
"match": {
"left": {
"payload": {
"field": "type",
"protocol": "ether"
}
},
"op": "==",
"right": "ip"
}
},
{
"reject": {
"expr": "admin-prohibited",
"type": "icmpx"
}
}
]
# ether type ip6 reject with icmpx type admin-prohibited
[
{
"match": {
"left": {
"payload": {
"field": "type",
"protocol": "ether"
}
},
"op": "==",
"right": "ip6"
}
},
{
"reject": {
"expr": "admin-prohibited",
"type": "icmpx"
}
}
]