Subject: Re: confusing pf behaviour, block drop still returns messages?
To: Daniel Hartmeier <daniel@benzedrine.cx>
From: Pavel Cahyna <pavel.cahyna@st.mff.cuni.cz>
List: tech-net
Date: 04/18/2006 14:08:50
On Fri, Apr 14, 2006 at 04:51:12PM +0200, Daniel Hartmeier wrote:
> As for the 'No route to host' error you get when trying to ping from the
> same host, that's just the errno translation (65 EHOSTUNREACH) that the
> userland ping process gets from ip_output() through sendto(). When pfil
> blocks an outgoing packet, it has to return SOME error. Since there is
> no dedicated errno for this purpose, and we can't just add new ones,
> EHOSTUNREACH was used as the best match.

IIRC IPFilter uses EPERM or EACCESS which sound like a better match,
because the packet filter did not permit the operation. Also, it is
different from the usual errors from network problems, so you immediately
know it is because of the firewall.

Pavel
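An added example (not part of this thread, and not code from NetBSD, pf or IPFilter) showing how a userland program sees the errno the thread discusses. The classifier treats EHOSTUNREACH as ambiguous, since on pf it may mean either a local block or a genuine routing failure, while EPERM/EACCES are the values the reply above attributes to IPFilter; which errno a given kernel's filter actually returns is an assumption to verify on the system at hand. The UDP probe function and its constructed destination arguments are hypothetical helpers for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* How a failed sendto() should be interpreted, based on errno alone. */
enum send_failure {
    SEND_OK = 0,
    SEND_BLOCKED_BY_FILTER,   /* EPERM/EACCES: filter-style "not permitted" errors */
    SEND_ROUTING_OR_FILTER,   /* EHOSTUNREACH: pf-style block OR a real routing failure */
    SEND_NETWORK_OTHER        /* anything else (ENETUNREACH, ECONNREFUSED, ...) */
};

/* Map an errno from sendto()/connect() onto the categories above.
 * Assumption: the local packet filter uses one of EPERM, EACCES or
 * EHOSTUNREACH when it drops an outgoing packet (see the thread). */
enum send_failure classify_send_errno(int err)
{
    switch (err) {
    case 0:
        return SEND_OK;
    case EPERM:
    case EACCES:
        return SEND_BLOCKED_BY_FILTER;
    case EHOSTUNREACH:
        return SEND_ROUTING_OR_FILTER;
    default:
        return SEND_NETWORK_OTHER;
    }
}

/* Human-readable label for the classification, for log lines. */
const char *send_failure_name(enum send_failure f)
{
    switch (f) {
    case SEND_OK:                return "sent";
    case SEND_BLOCKED_BY_FILTER: return "blocked by local packet filter";
    case SEND_ROUTING_OR_FILTER: return "unreachable: local filter block or routing failure";
    default:                     return "other network error";
    }
}

/* Send a single UDP datagram and return the errno sendto() produced
 * (0 on success). Hypothetical helper; dst_ip/port are caller-chosen. */
int probe_udp_send(const char *dst_ip, unsigned short port)
{
    struct sockaddr_in sa;
    const char payload[] = "probe";
    int fd, err = 0;

    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    if (inet_pton(AF_INET, dst_ip, &sa.sin_addr) != 1)
        return EINVAL;              /* bad address literal, nothing was sent */

    fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return errno;
    if (sendto(fd, payload, sizeof payload, 0,
               (struct sockaddr *)&sa, sizeof sa) < 0)
        err = errno;                /* this is the value pfil's verdict surfaces as */
    close(fd);
    return err;
}

int main(int argc, char **argv)
{
    /* Constructed default: a documentation-range address that is normally unrouted. */
    const char *dst = argc > 1 ? argv[1] : "192.0.2.1";
    int err = probe_udp_send(dst, 9);
    enum send_failure f = classify_send_errno(err);

    printf("sendto to %s: errno=%d (%s) -> %s\n",
           dst, err, err ? strerror(err) : "ok", send_failure_name(f));
    return f == SEND_OK ? 0 : 1;
}
```

The point for anyone debugging a "No route to host" from a pf host is that the classifier cannot separate a `block drop` from a missing route without looking at the pf rules or `pflog`; only an EPERM/EACCES convention would make the firewall case self-identifying from userland.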