Configuring security Firewall
Digi TransPort® Routers User Guide
768
ICMP type value ICMP type
13 maskrep
14 routerad
15 routersol
[icmp-code]
An optional decimal number representing the ICMP code of the return ICMP packet. If the [icmp-
type] is [unreach], the ICMP code can also be one of the following predefined text codes:
ICMP code Description
net-unr Network unreachable
host-unr Host unreachable
proto-unr Protocol unrecognized
port-unr Port unreachable
needfrag Needs fragmentation
srcfail Source route fail
For example, this rule causes the router to return an ICMP Unreachable packet in response to all
packets received on PPP 0:
bl ock r et ur n- i cmp unr each i n br eak end on ppp 0
Instead of using the return-icmp option to return an ICMP packet, you can use return-rst to return a
TCP reset packet instead. This would only be applicable for a TCP packet. For example, this rule
returns a TCP reset packet when the firewall receives a TCP packet on the Ethernet interface 0 with
destination address 10.1.2.*.
bl ock r et ur n- r st i n br eak end on et h 0 pr ot o t cp f r om any t o 10. 1. 2. 0/ 24
return-icmpv6
In addition to the existing return-icmp option, which is used only with IPv4, you can include an
optional field that causes an ICMPv6 packet to be returned to the interface from which that packet
was received.
The syntax for specifying the return of an ICMP packet is:
“ r et ur n- i cmpv6” i cmpv6- t ype [ i cmpv6- code]
where:
[icmpv6_type]
Is a decimal number representing the ICMPv6 type, or one of the predefined text codes listed in the
following table:
To Next Page
Loading...
