return-icmp-as-dest
Description
| Sends a destination unreachable error back to a peer if an ICMP packet specified by the rule is blocked by the firewall. When this keyword is used, the destination unreachable error contains a source address copied from the destination address of the blocked packet. |
Synopsis
block in return-icmp-as-dest[(number )] [proto udp] {from | to} address_scope [port op port_value ]| number indicates the ICMP destination unreachable code field to be set in the response message. It can be any value from 0-255. If no value is supplied, 0 is assumed. defines the supported options. |
| Code | Description |
| IPv4 Codes | IPv4 Codes |
| 0 | Network unreachable |
| 1 | Host unreachable |
| 2 | Protocol unreachable |
| 3 | Port unreachable |
| 4 | Fragmentation needed but no frag bit set |
| 5 | Source routing failed |
| 9 | Destination network administratively prohibited |
| 10 | Destination host administratively prohibited |
| IPv6 Codes | IPv6 Codes |
| 0 | Destination unreachable: no route |
| 2 | Destination unreachable: beyond scope |
| 3 | Destination unreachable: addr |
| 4 | Destination unreachable: no port |
| address_scope can be a unique IP address, an address space, or the keywords !, all, me, or any. |
| op is a mathematical operator. For more information, see . |
| port_value is an individual port or an interval. |