Am 03.06.2024 um 08:48:28 Uhr schrieb Eric Garver:
rule family="ipv4" source address="185.122.204.97" reject type=communication-prohibited
This will use ICMP type 3 code 13.
Thanks!
At least in Debian, it had to be admin-prohib or icmp-admin-prohibited
rule family="ipv4" source address="185.122.204.97" log reject type="admin-prohib"
For IPv6, this uses other terms:
rule family="ipv6" source address="2001:db8::/32" port port="80" protocol="tcp" log reject type="adm-prohibited"
type=icmp6-adm-prohibited also exists and emits the same ICMPv6 packet. Are there any differences?
The firewalld.richlanguage(5) manpage in Debian doesn't list those types, it only lists icmp-admin-prohibited for IPv4.
Is there a place where all of the types are documented? Should that be documented in this manpage or is there a better place?