If I want to forbid a route to respond to a network, should I use
ip route add unreachable 209.10.26.51
or ip route add prohibit 209.10.26.51
?
The router will legitimately give back UNREACHABLE whenever it doesn't have a route to the destination. PROHIBITED is probably the better practice to go with. If you get into the habit of setting unreachable, it may cause confusion down the line when you're troubleshooting why your router is giving back responses saying it can't route the packet, when it really should be saying it won't route the packet.

Eventually, both of them will disable reaching the indicated host/network as both of them are types of ICMP unreachable errors. The main difference is the meaning you want to tell to network users.
Prohibited means that the user can physically connect but isn't allowed to.
Unreachable means that the user can't connect at all.
So which you report depends on what you want to tell your users.
Do you want them to know that the IP is valid, but they don't have the necessary permissions to connect or do you want to effectively make the IP invisible?
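
An added example (not part of the original posts): a Python classifier that tells the two replies apart when troubleshooting, using the ICMP messages that ip-route(8) documents for each route type: host unreachable (type 3, code 1, local senders get EHOSTUNREACH) for unreachable, and communication administratively prohibited (type 3, code 13, local senders get EACCES) for prohibit. The function names, the sample packets and the 192.0.2.10 sender address are constructed for illustration.

```python
import ipaddress
import struct

# ICMP type 3 codes generated by the two route types, per ip-route(8):
# code -> (meaning, route type that produces it, errno seen by local senders)
CODES = {
    1: ("host unreachable", "unreachable", "EHOSTUNREACH"),
    13: ("communication administratively prohibited", "prohibit", "EACCES"),
}

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over an ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def classify(icmp: bytes) -> dict:
    """Classify an ICMP Destination Unreachable message (bytes start at the ICMP header)."""
    if len(icmp) < 8 + 20:
        raise ValueError("too short for an ICMP error with an embedded IPv4 header")
    if icmp[0] != 3:
        raise ValueError("not a Destination Unreachable message")
    if checksum(icmp) != 0:  # a valid message sums to zero with its checksum included
        raise ValueError("bad ICMP checksum")
    # Bytes 8.. carry the IPv4 header of the rejected packet; its destination is at offset 16.
    dst = ipaddress.IPv4Address(icmp[8 + 16:8 + 20])
    meaning, route_type, errno_name = CODES.get(icmp[1], ("other", None, None))
    return {"code": icmp[1], "meaning": meaning, "route_type": route_type,
            "local_errno": errno_name, "blocked_dst": str(dst)}

def build_sample(code: int, dst: str) -> bytes:
    """Constructed sample: ICMP type 3 carrying a minimal IPv4 header plus 8 payload bytes."""
    inner = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                        ipaddress.IPv4Address("192.0.2.10").packed,  # constructed sender
                        ipaddress.IPv4Address(dst).packed) + b"\x00" * 8
    body = struct.pack("!BBHI", 3, code, 0, 0) + inner
    return body[:2] + struct.pack("!H", checksum(body)) + body[4:]

if __name__ == "__main__":
    for code in (1, 13):
        print(classify(build_sample(code, "209.10.26.51")))
```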