[Needs Mikrotik feedback] `reject-with` values are not documented any more

jeroenp · October 19, 2016, 3:26pm

http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Filter does not document the reject-with values any more.

https://www.google.com/search?q="reject-with"+mikrotik+site:wiki.mikrotik.com%2Fwiki%2FManual reveals one tiny example with one value not explaining what it means.

Please re-add the relevant bits of https://www.mikrotik.com/testdocs/ros/2.9/ip/filter.php again and explain the various values.

–jeroen

mrz · October 19, 2016, 4:00pm

Values are self explanatory.
Do you wan to see something like
icmp-echo-reply - sends icmp echo reply
etc

boen_robot · October 19, 2016, 4:16pm

Just include the values in there, like other enumerated values (no explanation for each needed), i.e. have the first column as:

reject-with > (icmp-admin-prohibited | icmp-echo-reply | icmp-host-prohibited | icmp-host-unreachable | icmp-net-prohibited | icmp-network-unreachable | icmp-port-unreachable | icmp-protocol-unreachable | tcp-reset | > integer> ; Default: )

It saves people from going to terminal and typing “add reject-with=?” just to see the possible values they’re working with.

Personally, I’d also appreciate an explanation for the integer. I’m guessing it’s ICMP code, but it would be nice if this is explicitly said.

ZeroByte · October 19, 2016, 4:51pm

With the exception of “integer” (mentioned by Boen Robot) these response types are standard IP packet types. If you want to learn about those, then just google for any networking tutorials / guides / rfcs etc.

jeroenp · October 19, 2016, 7:31pm

That’s the problem: https://www.google.com/search?q=“icmp-admin-prohibited” does not return meaningful results at least not in my location.

Why not just have the documentation link to a relevant URL that explains the values?

Don’t expect all your users to be RFC gurus.

–jeroen

mrz · October 20, 2016, 11:20am

Let me do that for you
http://lmgtfy.com/?q=icmp+admin+prohibited+code&l=1#seen

BTW there is no integer code in ROS v6.

jeroenp · October 22, 2016, 9:04am

Your post was not helpful, especially not in your role as Mikrotik Support employee. In that light I regard your post even as unprofessional especially since you insinuate I cannot search and your search results does not reveal any relevant standards explaining the information I was after.

After a long search, I found https://tools.ietf.org/html/rfc1812#section-5.2.7.1 which explains what the rejection code means and got there via https://tools.ietf.org/html/rfc5508#section-6 after observing that these RFCs call the flag “Communication administratively prohibited” which is not near a search for “icmp-admin-prohibited” or “icmp admin prohibited”.

I don’t expect you guys to be like companies such as Cisco in the extension of documentation, but I do expect linking to relevant documentation when you don’t explain the why/how of certain functionality especially if you name things differently from standards.

In this case you guys should link to these RFCs or similar kinds of information (maybe even through the WayBack machine if you expect 404-errors) as right now you put the search burden on your customers instead of helping them.

–jeroen