ServerIron ADX Security Guide 81
53-1002440-03
ACLs and ICMP 2
The deny | permit parameter indicates whether packets that match the policy are dropped or
forwarded.
You can either use the <icmp-type> parameter and enter the name of the message type, or use the
<icmp-type-number> <icmp-code-number> parameters and enter the type number and code number
of the message. Refer to Table 5 for valid values.
NOTE
“X” in the Type-Number or Code-Number column in Table 5 means the device filters any traffic of that
ICMP message type.
TABLE 5 ICMP message types and codes
ICMP message type             Type  Code
administratively-prohibited   3     13
any-icmp-type                 x     x
destination-host-prohibited   3     10
destination-host-unknown      3     7
destination-net-prohibited    3     9
destination-network-unknown   3     6
echo                          8     0
echo-reply                    0     0
general-parameter-problem     12    1
  NOTE: This message type indicates that a required option is missing.
host-precedence-violation     3     14
host-redirect                 5     1
host-tos-redirect             5     3
host-tos-unreachable          3     12
host-unreachable              3     1
information-request           15    0
log
mask-reply                    18    0
mask-request                  17    0
net-redirect                  5     0
net-tos-redirect              5     2
net-tos-unreachable           3     11
net-unreachable               3     0
packet-too-big                3     4
parameter-problem             12    0
  NOTE: This message includes all parameter problems.
port-unreachable              3     3
precedence-cutoff             3     15