Icmp Services; Custom Ip Protocol Services - D-Link NetDefend DFL-210 User Manual

3.2.3. ICMP Services

When setting up rules that filter by services it is possible to use the service grouping all_services to
refer to all protocols. If just referring to the main protocols of TCP, UDP and ICMP then the service
group all_tcpudpicmp can be used.
3.2.3. ICMP Services
Internet Control Message Protocol (ICMP), is a protocol integrated with IP for error reporting and
transmitting control information. The PING service, for example, uses ICMP to test an Internet
connectivity.
ICMP messages is delivered in IP packets, and includes a Message Type that specifies the type, that
is, the format of the ICMP message, and a Code that is used to further qualify the message. For
example, the message type Destination Unreachable, uses the Code parameter to specify the exact
reason for the error.
The ICMP message types that can be configured in NetDefendOS are listed as follows:
• Echo Request: sent by PING to a destination in order to check connectivity.
• Destination Unreachable: the source is told that a problem has occurred when delivering a
packet. There are codes from 0 to 5 for this type:
• Code 0: Net Unreachable
• Code 1: Host Unreachable
• Code 2: Protocol Unreachable
• Code 3: Port Unreachable
• Code 4: Cannot Fragment
• Code 5: Source Route Failed
• Redirect: the source is told that there is a better route for a particular packet. Codes assigned are
as follows:
• Code 0: Redirect datagrams for the network
• Code 1: Redirect datagrams for the host
• Code 2: Redirect datagrams for the Type of Service and the network
• Code 3: Redirect datagrams for the Type of Service and the host
• Parameter Problem: identifies an incorrect parameter on the datagram.
• Echo Reply: the reply from the destination which is sent as a result of the Echo Request.
• Source Quenching: the source is sending data too fast for the receiver, the buffer has filled up.
• Time Exceeded: the packet has been discarded as it has taken too long to be delivered.

3.2.4. Custom IP Protocol Services

Services that run over IP and perform application/transport layer functions can be uniquely
identified by IP protocol numbers. IP can carry data for a number of different protocols. These
protocols are each identified by a unique IP protocol number specified in a field of the IP header, for
example, ICMP, IGMP, and EGP have protocol numbers 1, 2, and 8 respectively.
NetDefendOS supports these types of IP protocols by using the concept of Custom IP Protocol
Services. A Custom IP Protocol service is a service definition giving a name to an IP protocol
55
Chapter 3. Fundamentals