If I want to forbid a route to response a network, should I use
ip route add unreachable 209.10.26.51
or ip route add prohibit 209.10.26.51
?
What’s the difference between ICMP prohibited ICMP unreachable
iproute2local-area-networknetworkingroute
Related Topic
- OpenVPN Default Route – Why Use Network 0.0.0.0 Netmask 128.0.0.0?
- Can i stop tcp handshake by send icmp of unreachable host
- Linux – the difference between “route” and “ip route”
- Using strongswan, what’s the difference between auto=add, and auto=start
- Linux – dynamic ‘route add’ command doesn’t work but static is working
- Debian Unable to add a static route: SIOADDRT: Network is unreachable
Best Answer
The router will legitimately give back
UNREACHABLE
whenever it doesn't have a route to the destination.PROHIBITED
is probably the better practice to go with. If you get into the habit of setting unreachable, it may cause confusion down the line when you're troubleshooting why your router is giving back responses saying it can't route the packet, when it really should be saying it won't route the packet.