Re: firewall, reject: icmp vs. tcp

Thomas Quinot (thomas@cuivre.fdn.fr)
9 Apr 1996 15:26:17 GMT

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: William E. Roadcap: "Re: Overmounting a filesystem"
Previous message: Alan Cox: "Re: mach"
Maybe in reply to: Herbert Rosmanith: "firewall, reject: icmp vs. tcp"
Next in thread: Alan Cox: "Re: firewall, reject: icmp vs. tcp"

Herbert Rosmanith (herp@wildsau.idv.uni-linz.ac.at) =E9crit :

> arrive telling something like "port unreachable".

Actually this is "host unreachable", and it is proper behaviour to retr=
y
the connection in this case (from icmp.h :
/* RFC 1122: 3.2.2.1 States that NET_UNREACH, HOS_UNREACH and SR_FAIELD=
MUST be
considered 'transient errrs'. */)

But shouldn't the ICMP code be one of
9 Communication with Destination Network is
Administratively Prohibited
10 Communication with Destination Host is
Administratively Prohibited

(from RFC1700 Assigned Numbers. These are defined in icmp.h as ICMP_NET=
_ANO
and ICMP_HOST_ANO respectively.)

--=20
Thomas.Quinot@cuivre.fdn.fr

Next message: William E. Roadcap: "Re: Overmounting a filesystem"
Previous message: Alan Cox: "Re: mach"
Maybe in reply to: Herbert Rosmanith: "firewall, reject: icmp vs. tcp"
Next in thread: Alan Cox: "Re: firewall, reject: icmp vs. tcp"