On 01/06/2016 05:47 AM, Shital Sakhare wrote: > Thanks, Dropped the ICMP type 3 port. Now question to find the cause. Well, based on your tcpdump output, it looks like your rules were rejecting unrelated packets, or tcp/443 packets. It's hard to be sure since the ICMP was the first packet, so you didn't show the packet it was actually replying to. The ICMP traffic is a result of rejecting rather than dropping that traffic. That is, I think you're looking at the problem wrong. The ICMP traffic is simply the result of a choice you made. Are you dropping type 3 in the output chain?