Yes, now I am dropping packets in OUTPUT chain for type 3. Initially, I implemented the chain to drop type 0 and 8. But it wont worked and the packets were hitting at firewall for multiple ICMP requests. I didn't Understand the problem. After posting here I go through all the types of ICMP types where I understand to drop packets for "Host unreachability" . Thanks for your help Mr. Gordon 🙏. On Wed, Jan 6, 2016 at 8:47 PM, Gordon Messmer <gordon.messmer at gmail.com> wrote: > On 01/06/2016 05:47 AM, Shital Sakhare wrote: > >> Thanks, Dropped the ICMP type 3 port. Now question to find the cause. >> > > Well, based on your tcpdump output, it looks like your rules were > rejecting unrelated packets, or tcp/443 packets. It's hard to be sure > since the ICMP was the first packet, so you didn't show the packet it was > actually replying to. > > The ICMP traffic is a result of rejecting rather than dropping that > traffic. That is, I think you're looking at the problem wrong. The ICMP > traffic is simply the result of a choice you made. Are you dropping type 3 > in the output chain? > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos >