icmp-host-unreachable as opposed to destination-unreachable
danderson at vikus.com
Tue Mar 7 16:23:15 CET 2006
> -----Original Message-----
> From: netfilter-bounces at lists.netfilter.org
> [mailto:netfilter-bounces at lists.netfilter.org] On Behalf Of bclark
> Sent: Tuesday, March 07, 2006 6:45 AM
> To: netfilter at lists.netfilter.org
> Subject: icmp-host-unreachable as opposed to destination-unreachable
> Hi all
> Would anyone be kind to explain why would a person reject a
> connection to port 113 with icmp-host-unreachable as opposed
> to destination-unreachable.
> I probally dont understand the difference.
> Just something I was wondering.
> Kind Regards
> Brent Clark
>From what I can tell, icmp-host-unreachable is a code (1) for the
destination-unreachable ICMP type (3). See
http://www.spirit.com/Resources/icmp.html for a little more information,
and Google RFC 792 for a lot more information.
Basically though, "host-unreachable" is more specific than
"destination-unreachable". I would think that code 3 would be more
appropriate ("port unreachable") to this specific rule but then I don't
bother with ident (port 113) rules. There's more information on that on
this page: http://grc.com/port_113.htm.
More information about the netfilter