> -----Original Message-----
> From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx
> [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of bclark
> Sent: Tuesday, March 07, 2006 6:45 AM
> To: netfilter@xxxxxxxxxxxxxxxxxxx
> Subject: icmp-host-unreachable as opposed to destination-unreachable
>
> Hi all
>
> Would anyone be kind to explain why would a person reject a
> connection to port 113 with icmp-host-unreachable as opposed
> to destination-unreachable.
> I probably don't understand the difference.
> Just something I was wondering.
>
> Kind Regards
> Brent Clark
>

From what I can tell, icmp-host-unreachable is a code (1) for the destination-unreachable ICMP type (3). See http://www.spirit.com/Resources/icmp.html for a little more information, and Google RFC 792 for a lot more information.

Basically though, "host-unreachable" is more specific than "destination-unreachable". I would think that code 3 would be more appropriate ("port unreachable") to this specific rule but then I don't bother with ident (port 113) rules. There's more information on that on this page: http://grc.com/port_113.htm.

Derick Anderson
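
An added example, not part of the original messages: a decoder for ICMP destination-unreachable (type 3) messages that reports which iptables `--reject-with` name the code corresponds to and which port the quoted packet targeted. The sample packet, its addresses and the helper names are constructed for illustration.

```python
import struct

# iptables REJECT --reject-with names for ICMP type 3 codes (RFC 792/1122/1812).
REJECT_WITH = {0: "icmp-net-unreachable", 1: "icmp-host-unreachable",
               2: "icmp-proto-unreachable", 3: "icmp-port-unreachable",
               9: "icmp-net-prohibited", 10: "icmp-host-prohibited",
               13: "icmp-admin-prohibited"}

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_unreachable(code: int, quoted: bytes) -> bytes:
    """Constructed sample: type 3 message quoting the rejected packet."""
    body = struct.pack("!BBHI", 3, code, 0, 0) + quoted
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

def decode_unreachable(icmp: bytes) -> dict:
    """Decode a type 3 message and the IPv4 header + 8 bytes it quotes."""
    icmp_type, code, _cksum, _unused = struct.unpack("!BBHI", icmp[:8])
    if icmp_type != 3:
        raise ValueError("not destination-unreachable (type 3)")
    if inet_checksum(icmp) != 0:          # a valid message sums to zero
        raise ValueError("bad ICMP checksum")
    quoted = icmp[8:]
    if len(quoted) < 20:
        raise ValueError("quoted IPv4 header truncated")
    ihl = (quoted[0] & 0x0F) * 4          # quoted IPv4 header length in bytes
    proto = quoted[9]
    dport = None
    if proto in (6, 17) and len(quoted) >= ihl + 4:   # TCP or UDP
        dport = struct.unpack("!H", quoted[ihl + 2:ihl + 4])[0]
    return {"code": code, "reject_with": REJECT_WITH.get(code, "unknown"),
            "proto": proto, "dport": dport}

def sample_syn_to_ident() -> bytes:
    """Constructed: IPv4 header + first 8 bytes of a TCP SYN to port 113."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 5]))
    tcp8 = struct.pack("!HHI", 40000, 113, 1)   # sport, dport, seq
    return ip + tcp8
```
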