networking.firewall.rejectPackets

If set, refused packets are rejected rather than dropped (ignored). This means that an ICMP "port unreachable" error message is sent back to the client (or a TCP RST packet in case of an existing connection). Rejecting packets makes port scanning somewhat easier.

Type

boolean

Default

false

Declared

<nixpkgs/nixos/modules/services/networking/firewall.nix>