Re: ICMP and ip prohibit rule
- From: Pascal Hambourg <boite-a-spam@xxxxxxxxxxxxxxx>
- Date: Sat, 23 May 2009 15:20:18 +0200
markryde@xxxxxxxxx wrote:
> ip rule add from 192.168.0.180 to 192.168.0.10 prohibit
> and ping from 192.168.0.180 to 192.168.0.10 I do get
> "connect: Network is unreachable" message. But I sniffed for all ICMP
> 192.168.0.180 and there was no ICMP packet.
What ICMP packet?
> I would appreciate if anybody can give a simple example where you use
> a prohibit rule and send some ping/start ssh etc, and you can catch an
> ICMP packet as a result.
> (According to "man ip", it should be a special kind of ICMP message:
> "communication administratively prohibited")
If the rule is on the sender, then it returns an error when a local process tries to send a packet that matches it. It sends an ICMP error message to the sender only when it is on an intermediate router.
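
Added example, not part of the original message: a lab script that reproduces both cases from the reply above using three Linux network namespaces, first with the prohibit rule on an intermediate router, then with the same rule on the sender. The namespace names, interface names and 10.0.x.x addresses are constructed for the example, and the `classify` helper assumes iputils `ping` output strings.

```shell
#!/bin/sh
# Added lab example: the same prohibit rule on a router vs. on the sender.
# Namespace names (pr-c, pr-r, pr-s) and 10.0.x.x addresses are constructed.
# Needs root and iproute2; run with:  sh prohibit-demo.sh run

# Classify ping output. Assumption: iputils ping, which prints
# "Packet filtered" for ICMP type 3 code 13 and "connect:"/"sendmsg:"
# when the local kernel refuses the send.
classify() {
    case "$1" in
        *"Packet filtered"*)   echo icmp-admin-prohibited ;;
        *connect:*|*sendmsg:*) echo local-error-no-icmp ;;
        *)                     echo other ;;
    esac
}

cleanup() {
    for n in pr-c pr-r pr-s; do ip netns del "$n" 2>/dev/null || true; done
}

setup() {  # client 10.0.1.2 -- router 10.0.1.1/10.0.2.1 -- server 10.0.2.2
    for n in pr-c pr-r pr-s; do ip netns add "$n"; done
    ip -n pr-c link add c0 type veth peer name r0 netns pr-r
    ip -n pr-s link add s0 type veth peer name r1 netns pr-r
    ip -n pr-c addr add 10.0.1.2/24 dev c0; ip -n pr-c link set c0 up
    ip -n pr-r addr add 10.0.1.1/24 dev r0; ip -n pr-r link set r0 up
    ip -n pr-r addr add 10.0.2.1/24 dev r1; ip -n pr-r link set r1 up
    ip -n pr-s addr add 10.0.2.2/24 dev s0; ip -n pr-s link set s0 up
    ip -n pr-c route add default via 10.0.1.1
    ip -n pr-s route add default via 10.0.2.1
    ip netns exec pr-r sysctl -qw net.ipv4.ip_forward=1
}

demo() {
    trap cleanup EXIT
    cleanup; setup
    # Case 1: rule on the intermediate router; it answers with an ICMP error.
    # tcpdump filter for it: 'icmp[icmptype] == 3 and icmp[icmpcode] == 13'
    ip -n pr-r rule add from 10.0.1.2 to 10.0.2.2 prohibit
    out=$(ip netns exec pr-c ping -c 1 -W 2 10.0.2.2 2>&1)
    echo "rule on router: $(classify "$out")"
    ip -n pr-r rule del from 10.0.1.2 to 10.0.2.2 prohibit
    # Case 2: rule on the sender; -I binds the source so "from" matches.
    ip -n pr-c rule add from 10.0.1.2 to 10.0.2.2 prohibit
    out=$(ip netns exec pr-c ping -c 1 -W 2 -I 10.0.1.2 10.0.2.2 2>&1)
    echo "rule on sender: $(classify "$out")"
}

if [ "${1:-}" = run ]; then demo; fi
```

To capture the packet in case 1, run tcpdump on `c0` inside the `pr-c` namespace with the filter shown in the comment while the ping is sent.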