SourceQuench |
enabled: If an IP packet is discarded due to congestion, the system sends an ICMP 'Source-Quench' message back to the originator of the packet. The system may also send ICMP 'Source-Quench' messages for congestion control/prevention. This is the default behavior of the system. The rate of ICMP 'Source-Quench' messages is limited to at most 1 message/s per originator.
disabled: The system never sends ICMP 'Source-Quench' messages (neither for congestion nor for congestion control). Enumerations: |
TimeExceededTrans |
enabled: If an IP packet could not be delivered/forwarded to its destination due to packet TTL (Time to live) or dialup-interface timeout, the packet is discarded and the system sends an ICMP 'Time-Exceeded/Trans' message back to the originator of the packet. This is the default behavior of the system.
disabled: If an IP packet could not be delivered/forwarded to its destination due to packet TTL (Time to live) or dialup-interface timeout, the packet is silently discarded. ICMP 'Time-Exceeded/Trans' messages should be disabled with care (only if really necessary), because some useful external tools are based on this protocol (e.g. 'traceroute'). Enumerations: |
TimeExceededFrag |
enabled: If an IP packet could not be delivered/forwarded to its destination due to fragment-reassembly timeout, the system sends an ICMP 'Time-Exceeded/Fragment' message back to the originator of the packet. This is the default behavior of the system.
disabled: If an IP packet could not be delivered/forwarded to its destination due to fragment-reassembly timeout, the IP packet is silently discarded. ICMP 'Time-Exceeded/Fragment' messages should be disabled with care (only if really necessary). Enumerations: |
DestUnreachFrag |
enabled: If an IP packet could not be delivered/forwarded to its destination due to an MTU/Don't-Fragment error (the packet must be fragmented because of the interface MTU, but the Don't-Fragment (DF) bit is set in the IP header), the IP packet is discarded and the system sends an ICMP 'Destination-Unreachable/Fragment' message back to the originator of the packet. This is the default behavior of the system.
disabled: If an IP packet could not be delivered/forwarded to its destination due to an interface-MTU/DF-bit problem, the packet is silently discarded. ICMP 'Destination-Unreachable/Fragment' messages should be disabled with care (only if really necessary). Disabling these ICMP messages makes Path MTU Discovery impossible and might lead to bad performance. Enumerations: |
DestUnreachHost |
enabled: If an IP packet could not be delivered/forwarded to its destination due to routing errors (e.g. no matching route exists, interface down/blocked), the packet is discarded and the system sends an ICMP 'Destination-Unreachable/Host' message back to the originator of the packet. This is the default behavior of the system. (See also ipIcmpDestUnreachHostTcp.)
disabled: If an IP packet could not be delivered/forwarded to its destination due to routing errors (e.g. no matching route exists, interface down/blocked), the packet is silently discarded. ICMP 'Destination-Unreachable/Host' messages should be disabled with care (only if really necessary).
The functionality of the virtual REFUSE-Interface is NOT affected by this parameter: the system will continue to send ICMP 'Dest-Unreachable/Host' messages for all packets explicitly routed to this interface (ifIndex 0).
The functionality of ipExtIfNatSilentDeny=disabled is NOT affected by this parameter: the system will continue to send ICMP 'Dest-Unreachable/Host' messages for incoming IP packets that do not pass the NAT barrier of NAT-enabled interfaces. Enumerations: |
DestUnreachHostTcp |
Sets the ICMP 'Destination-Unreachable/Host' behavior for TCP packets.
tcp-rst: If a TCP packet cannot be delivered/forwarded to its destination (e.g. no matching route exists, interface down/blocked), the TCP connection is terminated by sending a TCP-RST message (a TCP packet with the RST bit set in the TCP header) back to the originator of the packet. This is the default behavior of the system. The TCP-RST message is sent INSTEAD of an ICMP 'Destination-Unreachable/Host' message. If ipIcmpDestUnreachHost is set to disabled(2), no TCP-RST message is sent back.
icmp: TCP traffic is handled like all other IP traffic (see the description of ipIcmpDestUnreachHost). Enumerations: |
DestUnreachProto |
enabled: If an IP packet addressed to the local system could not be handled due to an unsupported protocol type in the IP packet header (e.g. not TCP, UDP or ICMP), the packet is discarded and the system sends an ICMP 'Destination-Unreachable/Proto' message back to the originator of the packet. This is the default behavior of the system.
disabled: If an IP packet addressed to the local system could not be handled due to an unsupported protocol type in the IP packet header (e.g. not TCP, UDP or ICMP), the packet is silently discarded. ICMP 'Destination-Unreachable/Proto' messages should be disabled with care (only if really necessary). Enumerations: |
EchoReply |
enabled: Each incoming ICMP 'Echo-Request' message addressed to the local system is answered with an ICMP 'Echo-Reply' message. This is the default behavior of the system.
disabled: Incoming ICMP 'Echo-Request' messages addressed to the local system are silently discarded. ICMP 'Echo-Reply' messages should be disabled with care (only if really necessary), because some useful external tools are based on this protocol (e.g. 'ping'). Local 'pings' to other systems/routers are not affected by this parameter. Enumerations: |
MaskReply |
enabled: Each incoming ICMP 'Mask-Request' message addressed to the local system is answered with an ICMP 'Mask-Reply' message. This is the default behavior of the system.
disabled: Incoming ICMP 'Mask-Request' messages addressed to the local system are silently discarded. ICMP 'Mask-Reply' messages should be disabled with care (only if really necessary), because subnet discovery is based on this protocol. Enumerations: |
TimestampReply |
enabled: Each incoming ICMP 'Timestamp' message addressed to the local system is answered with an RFC792-compliant ICMP 'Timestamp-Reply' message. This is the default behavior of the system.
disabled: Incoming ICMP 'Timestamp' messages addressed to the local system are silently discarded.
extended: If an incoming ICMP 'Timestamp' message contains data appended after the three timestamp fields (which is a deviation from RFC792), the system replies with a modified 'Timestamp-Reply' message which contains a copy of the received data appended after the three timestamp fields. This behaviour is not RFC792-compliant and should be reserved for testing purposes.
Enumerations:
- enabled (1)
- disabled (2)
- extended (3)
|
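The three TimestampReply modes, modelled on raw ICMP bytes to show what a capture should contain in each case. This is an added example, not code from the system described here. Assumptions: the helper names are hypothetical, requests with a bad checksum are dropped, `enabled` mode ignores any appended data, and the receive and transmit timestamps are set to the same value.

```python
import struct

TS_REQUEST, TS_REPLY = 13, 14            # ICMP message types from RFC 792
ENABLED, DISABLED, EXTENDED = 1, 2, 3    # enumeration values from the table above


def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement Internet checksum (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_request(ident: int, seq: int, originate: int, trailer: bytes = b"") -> bytes:
    """Construct a Timestamp request; a non-empty trailer deviates from RFC 792."""
    body = struct.pack("!HHIII", ident, seq, originate, 0, 0) + trailer
    csum = inet_checksum(struct.pack("!BBH", TS_REQUEST, 0, 0) + body)
    return struct.pack("!BBH", TS_REQUEST, 0, csum) + body


def timestamp_reply(request: bytes, mode: int, now_ms: int):
    """Return the reply bytes for a Timestamp request, or None if it is discarded."""
    if mode == DISABLED or len(request) < 20:
        return None                      # silently discarded
    icmp_type, code, _, ident, seq, originate = struct.unpack("!BBHHHI", request[:12])
    if icmp_type != TS_REQUEST or code != 0 or inet_checksum(request) != 0:
        return None                      # assumption: malformed requests are dropped
    # Only 'extended' copies the sender-supplied bytes behind the three timestamps.
    trailer = request[20:] if mode == EXTENDED else b""
    body = struct.pack("!HHIII", ident, seq, originate, now_ms, now_ms) + trailer
    csum = inet_checksum(struct.pack("!BBH", TS_REPLY, 0, 0) + body)
    return struct.pack("!BBH", TS_REPLY, 0, csum) + body


if __name__ == "__main__":
    # Constructed sample: request carrying five extra bytes after the timestamps.
    req = build_request(0x1234, 1, 1000, b"probe")
    for name, mode in (("enabled", ENABLED), ("disabled", DISABLED), ("extended", EXTENDED)):
        reply = timestamp_reply(req, mode, now_ms=5000)
        print(name, None if reply is None else (len(reply), reply[20:]))
```

In `extended` mode the reply length follows the request length and the trailing bytes are chosen by the sender, which is how a capture distinguishes it from the fixed 20-byte RFC792 reply.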