Yes, now I am dropping packets in OUTPUT chain for type 3. Initially, I
implemented the chain to drop type 0 and 8. But it wont worked and the
packets were hitting at firewall for multiple ICMP requests. I didn't
Understand the problem. After posting here I go through all the types of
ICMP types where I understand to drop packets for "Host unreachability" .
Thanks for your help Mr. Gordon 🙏.
On Wed, Jan 6, 2016 at 8:47 PM, Gordon Messmer <gordon.messmer@xxxxxxxxx>
wrote:
> On 01/06/2016 05:47 AM, Shital Sakhare wrote:
>
>> Thanks, Dropped the ICMP type 3 port. Now question to find the cause.
>>
>
> Well, based on your tcpdump output, it looks like your rules were
> rejecting unrelated packets, or tcp/443 packets. It's hard to be sure
> since the ICMP was the first packet, so you didn't show the packet it was
> actually replying to.
>
> The ICMP traffic is a result of rejecting rather than dropping that
> traffic. That is, I think you're looking at the problem wrong. The ICMP
> traffic is simply the result of a choice you made. Are you dropping type 3
> in the output chain?
>
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> https://lists.centos.org/mailman/listinfo/centos
>
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
