Re: ICMP and ip prohibit rule



markryde@xxxxxxxxx wrote:

ip rule add from 192.168.0.180 to 192.168.0.10 prohibit
and ping from 192.168.0.180 to 192.168.0.10 I do get
"connect: Network is unreachable" message. But I sniffed for all ICMP
traffic on 192.168.0.180 and there was no ICMP packet.

What ICMP packet?

I would appreciate if anybody can give a simple example where you use
a prohibit rule and send some ping/start ssh etc, and you can catch an
ICMP packet as a result.
(According to "man ip", it should be a special kind of ICMP message:
"communication administratively prohibited")

If the rule is on the sender, then it returns an error when a local process tries to send a packet that matches it. It sends an ICMP error message to the sender only when it is on an intermediate router.
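The message the question is looking for is ICMP Destination Unreachable, type 3 code 13 ("communication administratively prohibited"), and it only exists on the wire when a router, not the sending host, applies the prohibit rule. The following is an added example, not code from this thread: it builds such a packet the way a router would (quoting the offending IP header plus 8 bytes) and parses a captured ICMP payload to recognise it, with the thread's addresses 192.168.0.180 and 192.168.0.10 used as constructed sample data.

```python
import socket
import struct
from typing import Optional

ICMP_DEST_UNREACH = 3
# Destination Unreachable codes a filtering router may send (RFC 1812, 5.2.7.1).
UNREACH_CODES = {
    0: "net unreachable",
    1: "host unreachable",
    9: "net administratively prohibited",
    10: "host administratively prohibited",
    13: "communication administratively prohibited",
}

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_unreachable(quoted: bytes, code: int = 13) -> bytes:
    """ICMP Destination Unreachable carrying the offending IP header + 8 bytes."""
    body = struct.pack("!BBHI", ICMP_DEST_UNREACH, code, 0, 0) + quoted
    csum = inet_checksum(body)
    return struct.pack("!BBHI", ICMP_DEST_UNREACH, code, csum, 0) + quoted

def classify_unreachable(icmp: bytes) -> Optional[dict]:
    """Parse an ICMP payload (IP header already stripped); None unless a valid type-3 error."""
    if len(icmp) < 8 + 20 or inet_checksum(icmp) != 0:
        return None  # too short to hold the quoted IP header, or checksum is wrong
    icmp_type, code = icmp[0], icmp[1]
    if icmp_type != ICMP_DEST_UNREACH or code not in UNREACH_CODES:
        return None
    inner = icmp[8:]  # the original datagram's IP header followed by its first 8 bytes
    return {
        "code": code,
        "reason": UNREACH_CODES[code],
        "orig_src": socket.inet_ntoa(inner[12:16]),
        "orig_dst": socket.inet_ntoa(inner[16:20]),
        "orig_proto": inner[9],
        "admin_prohibited": code in (9, 10, 13),
    }

# Constructed sample: IPv4 header (src 192.168.0.180, dst 192.168.0.10, proto 1 = ICMP)
# plus the first 8 bytes of an echo request, exactly what a router quotes back.
SAMPLE_INNER = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 84, 0x1234, 0x4000, 64, 1, 0,
                           socket.inet_aton("192.168.0.180"), socket.inet_aton("192.168.0.10"))
SAMPLE_INNER += struct.pack("!BBHHH", 8, 0, 0, 1, 1)  # echo request, id 1, seq 1
SAMPLE_PROHIBITED = build_unreachable(SAMPLE_INNER, code=13)
```

On the sending host itself nothing like this is captured: the rule is hit before any packet leaves, and the failure surfaces only as the errno the ping/ssh process prints.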