Digi TransPort WR11 User Manual page 768

Configuring security
ICMP type value
13
14
15
[icmp-code]
An optional decimal number representing the ICMP code of the return ICMP packet. If the [icmp-
type] is [unreach], the ICMP code can also be one of the following predefined text codes:
ICMP code
net-unr
host-unr
proto-unr
port-unr
needfrag
srcfail
For example, this rule causes the router to return an ICMP Unreachable packet in response to all
packets received on PPP 0:
bl ock r et ur n- i cm p unr each i n br eak end on ppp 0
Instead of using the return-icmp option to return an ICMP packet, you can use return-rst to return a
TCP reset packet instead. This would only be applicable for a TCP packet. For example, this rule
returns a TCP reset packet when the firewall receives a TCP packet on the Ethernet interface 0 with
destination address 10.1.2.*.
bl ock r et ur n- r st i n br eak end on et h 0 pr ot o t cp f r om any t o 10. 1. 2. 0/ 24
return-icmpv6
In addition to the existing return-icmp option, which is used only with IPv4, you can include an
optional field that causes an ICMPv6 packet to be returned to the interface from which that packet
was received.
The syntax for specifying the return of an ICMP packet is:
" r et ur n- i cm pv6" i cm pv6- t ype [ i cm pv6- code]
where:
[icmpv6_type]
Is a decimal number representing the ICMPv6 type, or one of the predefined text codes listed in the
following table:
Digi TransPort® Routers User Guide
ICMP type
maskrep
routerad
routersol
Description
Network unreachable
Host unreachable
Protocol unrecognized
Port unreachable
Needs fragmentation
Source route fail
Firewall
768