ICMP Type 3 (code 4)

lovi

Does anyone know if I enable ICMP Type 3 (destination unreachable) on my WAN with pfsense, does this also allow ICMP Fragmentation Needed (Type 3, Code 4) to ensure that Path MTU Discovery works?

There isn't a specific selection for ICMP fragmentation so I assume, allowing Type 3 also allows all the subcodes of that type;
Meaning all below subtypes of Type 3 besides Fragmentation Needed;

0	Network Unreachable - The destination network cannot be reached.
1	Host Unreachable - The destination host cannot be reached.
2	Protocol Unreachable - The protocol (e.g., TCP, UDP) is not supported at the destination.
3	Port Unreachable - The port is not accessible at the destination host (often seen with UDP).
4	Fragmentation Needed and DF Set - Packet fragmentation is required, but the DF (Don't Fragment) flag is set.
5	Source Route Failed - Source routing failed along the path to the destination.
6	Destination Network Unknown - The destination network is unknown.
7	Destination Host Unknown - The destination host is unknown.
8	Source Host Isolated - The source host is isolated.
9	Communication with Destination Network is Administratively Prohibited - Network is restricted by administrative policies.
10	Communication with Destination Host is Administratively Prohibited - Host is restricted by administrative policies.
11	Network Unreachable for Type of Service - The network is unreachable for the specified Type of Service (ToS).
12	Host Unreachable for Type of Service - The host is unreachable for the specified ToS.
13	Communication Administratively Prohibited - General administrative restriction (broader than codes 9 and 10).
14	Host Precedence Violation - Indicates a violation of host precedence.
15	Precedence Cutoff in Effect - The precedence of the packet is below the cutoff level.

Is my assumption correct?

Gerard64

I like to know this to!