How to configure firewalld to send out icmp type 3 code 3 (port-unreachble) message instead of type 3 code 3 (icmp-host-prohibited) default messages in RHEL7?

Solution In Progress - Updated -

Issue

  • We have a system running RHEL 7 with firewalld enabled.
  • In the public interface we have permited these following services:
public (default, active)
  interfaces: eno16780032
  sources: 
  services: ftp http https
  ports: 
  masquerade: no
  forward-ports: 
  icmp-blocks: parameter-problem redirect router-advertisement router-solicitation source-quench
  rich rules:
  • When a traceroute is performed to that interface IP from the network we are seeing ICMP type 3 code 10 (Destination unreachable).
  • How can we change the response type to icmp type 3 code 3 (port-unreachable) instead of destination unreachable message?
  • How to configure firewalld to change the icmp responses?

Environment

  • Red Hat Enterprise Linux (RHEL)7.0
  • Firewalld service.
  • Firewalld rich rules.

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content