I have a Linux machine that is being used as a router. It has Quagga installed and has IP forwarding enabled. It's forming an OSPF adjacency with a 3925 Cisco router.
I'm being asked to ensure that this Linux machine (running Red Hat 6.8) will not send any ICMP Unreachable notifications. I know that on a Cisco router I would simply set "no icmp unreachable" on any interfaces that need it. But how could I be certain that they're disabled on a Linux machine?
I'm also being asked to ensure that no "ICMP Mask Reply" messages get sent from the router. Likewise, I know that on a Cisco router the "no ip mask-reply" command would be used. Is there an equivalent type of setting in Red Hat?
Thanks for any help.
First, I really hate the idea of blocking ICMP messages. It really makes things difficult.
Anyway, I believe most people just handle this by adding netfilter (iptables/ip6tables) rules that block things as needed.
I've learned that the only way to accomplish these things is by filtering them out with the firewall/iptables.
Disable ICMP Unreachable replies
http://blogs.reliablepenguin.com/2009/11/17/iptables-filter-icmp-address-mask-reques
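
One way to apply the iptables filtering the replies describe and then confirm it is in effect, as an added example that is not from any poster in this thread. The function names and script layout are hypothetical. Type 3 includes "fragmentation needed" (code 4), so dropping all of type 3 also suppresses the messages that path MTU discovery relies on.

```shell
#!/bin/sh
# Added example (not from the thread). IPv4 ICMP types dropped on OUTPUT:
#   3 = destination-unreachable, 18 = address-mask-reply
BLOCKED_TYPES="3 18"

# Print the rules in iptables-restore format (append only, nothing flushed).
emit_rules() {
    echo '*filter'
    for t in $BLOCKED_TYPES; do
        echo "-A OUTPUT -p icmp -m icmp --icmp-type $t -j DROP"
    done
    echo 'COMMIT'
}

# Read `iptables -S OUTPUT` text on stdin and print every blocked type that
# has no effective DROP rule. A DROP that sits after a blanket ACCEPT
# (all traffic or all ICMP) never fires, so it does not count.
# A rule for a single code such as 3/4 does not count as covering type 3.
# Exit status is 0 only when every type is covered.
audit_output_chain() {
    awk -v types="$BLOCKED_TYPES" '
        BEGIN { n = split(types, want, " ") }
        $1 != "-A" || $2 != "OUTPUT" { next }
        {
            rule = " " $0 " "
            if (rule ~ /^ -A OUTPUT (-p icmp )?-j ACCEPT $/) shadowed = 1
            if (shadowed || rule !~ / -j DROP /) next
            for (i = 1; i <= n; i++)
                if (rule ~ (" --icmp-type " want[i] " ")) ok[want[i]] = 1
        }
        END {
            for (i = 1; i <= n; i++)
                if (!ok[want[i]]) { print want[i]; bad = 1 }
            exit bad + 0
        }'
}

# Usage (as root): "apply" loads the rules, "audit" checks the live chain.
case "${1:-}" in
    apply) emit_rules | iptables-restore --noflush ;;
    audit) iptables -S OUTPUT | audit_output_chain ;;
esac
```

On Red Hat 6, `service iptables save` writes the running rules to disk so they survive a reboot.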