ICMP message type 3 is the Destination Unreachable message. Within this message type are a number of “codes” that identify the specific reason the destination could not be reached. This table is from IANA and shows the various codes:
3 Destination Unreachable [RFC792]
Codes:
0 Net Unreachable [RFC792]
1 Host Unreachable [RFC792]
2 Protocol Unreachable [RFC792]
3 Port Unreachable [RFC792]
4 Fragmentation Needed and Don’t Fragment was Set [RFC792]
5 Source Route Failed [RFC792]
6 Destination Network Unknown [RFC1122]
7 Destination Host Unknown [RFC1122]
8 Source Host Isolated [RFC1122]
9 Communication with Destination Network is Administratively Prohibited [RFC1122]
10 Communication with Destination Host is Administratively Prohibited [RFC1122]
11 Destination Network Unreachable for Type of Service [RFC1122]
12 Destination Host Unreachable for Type of Service [RFC1122]
13 Communication Administratively Prohibited [RFC1812]
14 Host Precedence Violation [RFC1812]
15 Precedence cutoff in effect [RFC1812]
/etc/sysconfig/iptables config:
-A INPUT -j REJECT --reject-with icmp-host-prohibited
The type given can be:
- icmp-net-unreachable
- icmp-host-unreachable
- icmp-port-unreachable
- icmp-proto-unreachable
- icmp-net-prohibited
- icmp-host-prohibited or
- icmp-admin-prohibited (*)
09:58:42.564631 IP 199.119.252.97 > 38.39.81.135: ICMP host 199.119.252.97 unreachable - admin prohibited, length 528
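
An added example (not from the original page) that ties the table, the `--reject-with` list and the capture together: it decodes an ICMP type 3 message, names its code from the IANA table, and reports which `--reject-with` option sends that code and which flow was rejected. The option-to-code mapping reflects the Linux REJECT target rather than anything stated on the page, and the sample packet, including its ports, is constructed.

```python
import socket
import struct

# ICMP type 3 code names from the IANA table, indexed by code number.
CODES = (
    "Net Unreachable", "Host Unreachable", "Protocol Unreachable", "Port Unreachable",
    "Fragmentation Needed and Don't Fragment was Set", "Source Route Failed",
    "Destination Network Unknown", "Destination Host Unknown", "Source Host Isolated",
    "Communication with Destination Network is Administratively Prohibited",
    "Communication with Destination Host is Administratively Prohibited",
    "Destination Network Unreachable for Type of Service",
    "Destination Host Unreachable for Type of Service",
    "Communication Administratively Prohibited", "Host Precedence Violation",
    "Precedence cutoff in effect",
)
# ICMP code sent for each --reject-with name (Linux REJECT target; not from the page).
REJECT_WITH = {"icmp-net-unreachable": 0, "icmp-host-unreachable": 1,
               "icmp-proto-unreachable": 2, "icmp-port-unreachable": 3,
               "icmp-net-prohibited": 9, "icmp-host-prohibited": 10,
               "icmp-admin-prohibited": 13}

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; returns 0 over a message whose checksum is valid."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def decode_unreachable(icmp: bytes) -> dict:
    """Decode an ICMP type 3 message (the bytes after the outer IP header)."""
    # 28 = 8-byte ICMP header + 20-byte quoted IPv4 header (no IP options assumed)
    if len(icmp) < 28 or icmp[0] != 3 or icmp[1] >= len(CODES):
        raise ValueError("not a complete, known type 3 message")
    if checksum(icmp) != 0:
        raise ValueError("bad ICMP checksum")
    quoted = icmp[8:28]  # IPv4 header of the datagram that was rejected
    return {"code": icmp[1], "name": CODES[icmp[1]],
            "reject_with": [n for n, c in REJECT_WITH.items() if c == icmp[1]],
            "proto": quoted[9], "orig_src": socket.inet_ntoa(quoted[12:16]),
            "orig_dst": socket.inet_ntoa(quoted[16:20])}

def build_sample(code: int) -> bytes:
    """Constructed sample quoting a TCP segment 38.39.81.135 -> 199.119.252.97."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,  # IP checksum left 0
                     socket.inet_aton("38.39.81.135"), socket.inet_aton("199.119.252.97"))
    body = ip + struct.pack("!HHI", 40000, 22, 1)  # constructed ports and sequence number
    head = struct.pack("!BBHI", 3, code, 0, 0)
    return struct.pack("!BBHI", 3, code, checksum(head + body), 0) + body
```

Calling `decode_unreachable(build_sample(10))` gives code 10, the code that tcpdump prints as "host ... unreachable - admin prohibited" in the capture line above.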