Subject: anybody knows how to disable outbound icmp destination unreachable message
From: Clifford Kite
Date: 11/12/2007 3:14:49 PM
elsiddik <elsiddik@gmail.com> wrote:
> On Nov 12, 7:20 am, a10.p...@gmail.com wrote:
>> Hi, Gurus:
>>
>> Is there anyway for me to disable linux box to generate icmp
>> destination unreachable message?
>>
>> thanks in advance.
>>
>> /zhenwu
> net.ipv4.icmp_echo_ignore_broadcasts = 1
> net.ipv4.icmp_echo_ignore_all = 1
> then do sysctl -p

I don't think so. These certainly must apply to incoming echo-requests
(pings), not destination unreachable messages.

To the OP: FWIW, it should be possible to DROP host generated unreachable
responses using iptables, e.g.

    iptables -A icmp_packets -p ICMP -s <host network> --icmp-type 3 -j DROP

Or have a firewall with DROP policy and simply add an ACCEPT rule for
type 3 ICMP that excludes the host network. Both of these suggestions
require packet filtering support in the kernel.

--
Clifford Kite
/* The generation of random numbers is too important to be left
to chance. */
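
The DROP rule suggested in the reply above, written out as an added example that is not part of the original post: a small script that generates an iptables-restore ruleset for it. Assumptions: the rules are placed in the built-in OUTPUT chain (the post's `icmp_packets` is a user-defined chain that would have to exist and be jumped to), 192.0.2.0/24 is a constructed stand-in for `<host network>`, and the `emit_rules` and `valid_cidr` names are hypothetical.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset that stops this host from
# sending ICMP destination-unreachable (type 3) messages.
# Assumptions: rules go in the built-in OUTPUT chain of the filter table,
# which locally generated packets traverse; 192.0.2.0/24 is a constructed
# documentation prefix standing in for <host network>.

# Shape check only (dotted quad plus /0-32), so nothing but an address/prefix
# ends up in the rule text. iptables itself rejects out-of-range octets.
valid_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# emit_rules NET [keep_pmtud]
#   NET         source network of the host, e.g. 192.0.2.0/24
#   keep_pmtud  "yes" keeps type 3 code 4 (fragmentation needed), which a box
#               that forwards traffic still has to send for path MTU discovery
emit_rules() {
    net=$1
    keep_pmtud=${2:-no}
    valid_cidr "$net" || { echo "invalid network: $net" >&2; return 1; }

    echo '*filter'
    if [ "$keep_pmtud" = yes ]; then
        # Must come before the DROP: the first matching rule wins.
        echo "-A OUTPUT -p icmp -s $net --icmp-type 3/4 -j ACCEPT"
    fi
    echo "-A OUTPUT -p icmp -s $net --icmp-type 3 -j DROP"
    echo 'COMMIT'
}

# Print the ruleset for review. To load it on top of the existing rules:
#   emit_rules 192.0.2.0/24 yes | iptables-restore --noflush
emit_rules 192.0.2.0/24 yes
```

The icmp_echo_ignore_* sysctls quoted earlier in the thread are not touched here, since they only govern replies to incoming echo requests.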