HP-UX IPFilter v18.21 Administrator Guide HP-UX 11i v3 (761995-001, March 2014)
Table 3 ICMP type and codes (continued)
Meaningicmp-type
icmp-code
CodeType
SOURCE QUENCHsquench04
REDIRECTredir5
network
host
network & TOS
host & TOS
ECHO REQUEST (ping request)echo08
ROUTER ADVERTISEMENTrouterad0
ROUTER SOLICITATIONroutesol0
TIME EXCEEDEDtimex11
TTL=0 during transmit
TTL=0 during reassembly
PARAMETER PROBLEMparamprob12
TIMESTAMP REQUESTtimest013
TIMESTAMP REPLYtimestrep014
INFO REQUEST (obsolete)inforeq015
INFO REPLY (obsolete)inforep016
ADDRESS MASK REQUESTmaskreq017
ADDRESS MASK REPLYmaskrep018
The ICMP code names are valid with the return-icmp and return-icmp-as-dest keywords,
which send ICMP responses to blocked packets. See Section (page 27) for an example.
Configuring ICMPv4 kernel parameters
Historically, ICMPv4 (ICMP) messages have been exploited and used in Denial of Service (DoS)
attacks. This section describes how to optimize ICMP security by configuring ndd (system network)
parameters for ICMP features and by configuring associated IPFilter rules.
Dead gateway detection: ip_ire_gw_probe
The ip_ire_gw_probe parameter enables or disables dead (non-operational) gateway detection.
This feature is useful in topologies with redundant gateways. If you do not have redundant gateways,
HP recommends that you disable this feature. By default, this feature is enabled.
Default VvalueValid valuesParameter name
10 (disable)ip_ire_gw_probe
1 (enable)
Configuring ICMPv4 kernel parameters 79