Linux, un avanzado router/firewall
Creando un firewall con iptables


Si queremos evitar esto (red local por ejemplo)
utilizamos el target REJECT (es una extensión)
iptables -A FORWARD -s 10.1.0.0/24 -d 10.2.0.10
    -j REJECT --reject-with-type=icmp-host-unreachable

iptables -j REJECT --help
[...]
REJECT options:
--reject-with type              drop input packet and send back
                                a reply packet according to type:
Valid reject types:
    icmp-net-unreachable     	ICMP network unreachable
    net-unreach              	alias
    icmp-host-unreachable    	ICMP host unreachable
    host-unreach             	alias
    icmp-proto-unreachable   	ICMP protocol unreachable
    proto-unreach            	alias
    icmp-port-unreachable    	ICMP port unreachable (default)
    port-unreach             	alias
    icmp-net-prohibited      	ICMP network prohibited
    net-prohib               	alias
    icmp-host-prohibited     	ICMP host prohibited
    host-prohib              	alias
    tcp-reset                	TCP RST packet
    tcp-reset                	alias