anybody knows how to disable outbound icmp destination unreachable message

11-12-2007, 05:20 AM

Hi, Gurus:

Is there anyway for me to disable linux box to generate icmp
destination unreachable message?

thanks in advance.

/zhenwu

11-12-2007, 07:22 PM

(E-Mail Removed) wrote:
> Hi, Gurus:
>
> Is there anyway for me to disable linux box to generate icmp
> destination unreachable message?
>
> thanks in advance.
>
> /zhenwu
>

You can use iptables, for example.
www.netfilter.org has all the info.

11-12-2007, 07:40 PM

On Nov 12, 7:20 am, a10.p...@gmail.com wrote:
> Hi, Gurus:
>
> Is there anyway for me to disable linux box to generate icmp
> destination unreachable message?
>
> thanks in advance.
>
> /zhenwu

net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_echo_ignore_all = 1
then do sysctl -p

cheers,

zaher el siddik
http://www.unixshells.nl/
http://elsiddik.blogspot.com/

11-12-2007, 08:14 PM

elsiddik <(E-Mail Removed)> wrote:
> On Nov 12, 7:20 am, a10.p...@gmail.com wrote:
>> Hi, Gurus:
>>
>> Is there anyway for me to disable linux box to generate icmp
>> destination unreachable message?
>>
>> thanks in advance.
>>
>> /zhenwu

> net.ipv4.icmp_echo_ignore_broadcasts = 1
> net.ipv4.icmp_echo_ignore_all = 1
> then do sysctl -p

I don't think so. These certainly must apply to incoming echo-requests
(pings), not destination unreachable messages.

To the OP: FWIW, it should be possible to DROP host generated unreachable
responses using iptables, e.g.

iptables -A icmp_packets -p ICMP -s <host network> --icmp-type 3 -j DROP

Or have a firewall with DROP policy and simply add an ACCEPT rule for
type 3 ICMP that excludes the host network. Both of these suggestions
require packet filtering support in the kernel.

--
Clifford Kite
/* The generation of random numbers is too important to be left
to chance. */

11-13-2007, 02:07 AM

Thanks all for your help. Yes, I think I need use iptable or ipchains.
thanks again.

/zhenwu

On Nov 12, 1:14 pm, Clifford Kite <k...@not.available.tld> wrote:
> elsiddik <elsid...@gmail.com> wrote:
> > On Nov 12, 7:20 am, a10.p...@gmail.com wrote:
> >> Hi, Gurus:
>
> >> Is there anyway for me to disable linux box to generate icmp
> >> destination unreachable message?
>
> >> thanks in advance.
>
> >> /zhenwu
> > net.ipv4.icmp_echo_ignore_broadcasts = 1
> > net.ipv4.icmp_echo_ignore_all = 1
> > then do sysctl -p
>
> I don't think so. These certainly must apply to incoming echo-requests
> (pings), not destination unreachable messages.
>
> To the OP: FWIW, it should be possible to DROP host generated unreachable
> responses using iptables, e.g.
>
> iptables -A icmp_packets -p ICMP -s <host network> --icmp-type 3 -j DROP
>
> Or have a firewall with DROP policy and simply add an ACCEPT rule for
> type 3 ICMP that excludes the host network. Both of these suggestions
> require packet filtering support in the kernel.
>
> --
> Clifford Kite
> /* The generation of random numbers is too important to be left
> to chance. */

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Windows Vista - Unable To Receive ICMP Destination Unreachable - P	Tom	Windows Networking	0	11-15-2008 05:06 PM
Destination Host Unreachable	Phi	Linux Networking	25	12-10-2007 07:16 PM
Is it possible, bind has done but the OS still respond with ICMP destination unreachable	Bin Chen	Linux Networking	3	03-29-2007 12:11 PM
ICMP destination unreachable - communication filtered	sweta	Linux Networking	2	09-12-2006 04:07 PM
How to disable ICMP "Destination Unreachable"	Konstantin Grudnev	Linux Networking	4	03-22-2006 03:59 PM