Community discussions

MUM Europe 2020
 
bg1362
just joined
Topic Author
Posts: 5
Joined: Thu Oct 15, 2009 1:26 am

How to disable host unreachable message reply to ICMP.

Thu Oct 15, 2009 1:33 am

Is there a quick and easy method to do this? On Cisco it's just "no ip unreachables"

I want ICMP enabled for all src & dst addreses, but if a device is unreachable, I just want the packet dropped, no reply. Causing havoc with ICMP based network monitoring tools.

Thanks!

Brian
 
fewi
Forum Guru
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: How to disable host unreachable message reply to ICMP.

Thu Oct 15, 2009 1:59 am

"Destination unreachable" is ICMP type 3.

So this:
/ip firewall filter add protocol=icmp icmp-options=3 chain=forward action=drop
should prevent any such ICMP packets from being forwarded through the router. If you want to prevent RouterOS itself from generating such messages dropping them in the output chain should do the trick.

Who is online

Users browsing this forum: Bing [Bot], IPANetEngineer, Renfrew and 134 guests