Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    ICMP Type 3 (code 4)

    Firewalling
    4
    5
    316
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L
      lovi
      last edited by

      Does anyone know if I enable ICMP Type 3 (destination unreachable) on my WAN with pfsense, does this also allow ICMP Fragmentation Needed (Type 3, Code 4) to ensure that Path MTU Discovery works?

      There isn't a specific selection for ICMP fragmentation so I assume, allowing Type 3 also allows all the subcodes of that type;
      Meaning all below subtypes of Type 3 besides Fragmentation Needed;

      0	Network Unreachable - The destination network cannot be reached.
1	Host Unreachable - The destination host cannot be reached.
2	Protocol Unreachable - The protocol (e.g., TCP, UDP) is not supported at the destination.
3	Port Unreachable - The port is not accessible at the destination host (often seen with UDP).
4	Fragmentation Needed and DF Set - Packet fragmentation is required, but the DF (Don't Fragment) flag is set.
5	Source Route Failed - Source routing failed along the path to the destination.
6	Destination Network Unknown - The destination network is unknown.
7	Destination Host Unknown - The destination host is unknown.
8	Source Host Isolated - The source host is isolated.
9	Communication with Destination Network is Administratively Prohibited - Network is restricted by administrative policies.
10	Communication with Destination Host is Administratively Prohibited - Host is restricted by administrative policies.
11	Network Unreachable for Type of Service - The network is unreachable for the specified Type of Service (ToS).
12	Host Unreachable for Type of Service - The host is unreachable for the specified ToS.
13	Communication Administratively Prohibited - General administrative restriction (broader than codes 9 and 10).
14	Host Precedence Violation - Indicates a violation of host precedence.
15	Precedence Cutoff in Effect - The precedence of the packet is below the cutoff level.

      Is my assumption correct?

      1 Reply Last reply Reply Quote 1
      • G
        Gerard64
        last edited by

        I like to know this to!

        M 1 Reply Last reply Reply Quote 0
        • M
          matt0023 @Gerard64
          last edited by

          @Gerard64 Plus 1 as the kids, say 😃

          1 Reply Last reply Reply Quote 1
          • TechGripsT
            TechGrips
            last edited by

            I also need to know this. I wish it was just available as an ICMP Subtype in the GUI's Firewall > Rules.

            1 Reply Last reply Reply Quote 0
            • M
              matt0023
              last edited by

              yeah it could be clearer in the GUI. But basically Type 3 covers all the subtype's codes the OP mentions, including re: fragmentation.

              More info on the subtypes can be found online but the IANA site has a very good page on it: https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.