Re: Which ICMP reject works best
- From: Pascal Hambourg <boite-a-spam@xxxxxxxxxxxxxxx>
- Date: Tue, 20 Feb 2007 16:40:54 +0100
Hello,
none a écrit :
Given the various iptables icmp reject types, which is suppose to make
the calling host shut up and go away the fastest ?
Valid reject types:
icmp-net-unreachable ICMP network unreachable
icmp-host-unreachable ICMP host unreachable
icmp-proto-unreachable ICMP protocol unreachable
icmp-port-unreachable ICMP port unreachable (default)
icmp-net-prohibited ICMP network prohibited
icmp-host-prohibited ICMP host prohibited
tcp-reset TCP RST packet
icmp-admin-prohibited ICMP administratively prohibited (*)
- TCP RST for TCP packets.
- ICMP Port Unreachable for UDP packets and other supported port-oriented protocols
- ICMP Protocol Unreachable for unsupported or non protocol-oriented protocols
- ICMP Communication Administratively Prohibited is nice but I have found that not all hosts understand it, which may reduce its efficiency.
Note : ICMP Network Prohibited and ICMP Host Prohibited are deprecated, ICMP Communication Administratively Prohibited must be used instead.
(Source : RFC 1812)
.
- Follow-Ups:
- Re: Which ICMP reject works best
- From: none
- Re: Which ICMP reject works best
- References:
- Which ICMP reject works best
- From: none
- Which ICMP reject works best
- Prev by Date: MAC and gateways
- Next by Date: Re: MAC and gateways
- Previous by thread: Re: Which ICMP reject works best
- Next by thread: Re: Which ICMP reject works best
- Index(es):
Relevant Pages
|
