icmp receive

Function

The icmp receive command enables the FW to receive ICMP messages.

The undo icmp receive command disables the FW from receiving ICMP messages.

Format

icmp { type icmp-type code icmp-code | name icmp-name | all } receive

undo icmp { type icmp-type code icmp-code | name icmp-name | all } receive

Parameters

Parameter Description Value

type icmp-type

Specifies the type number of an ICMP message.

The value is an integer ranging from 0 to 255.

code icmp-code

Specifies the code of an ICMP message.

The value is an integer ranging from 0 to 255.

name icmp-name

Specifies the name of an ICMP message. The value can be any of the following:

  • echo

  • echo-reply

  • fragmentneed-dfset

  • host-redirect

  • host-tos-redirect

  • host-unreachable

  • information-reply

  • information-request

  • net-redirect

  • net-tos-redirect

  • net-unreachable

  • parameter-problem

  • port-unreachable

  • protocol-unreachable

  • reassembly-timeout

  • source-quench

  • source-route-failed

  • timestamp-reply

  • timestamp-request

  • ttl-exceeded

The value is a string of case-insensitive characters. The string length ranges from 1 to 32.

all

All ICMP messages.

-

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The undo icmp receive command can be used to disable the FW from receiving ICMP messages, either to improve network performance or to enhance network security:

  • On secure networks, the FW can normally receive ICMP messages. In the case of heavy traffic on the network, if hosts or ports are frequently unreachable, the FW will receive a large number of ICMP packets, which causes heavier traffic burdens over the network and degrades the performance of the FW.

  • On insecure networks, network attackers often use ICMP error messages to spy on the internal structure of the network.

Configuration Impact

After the undo icmp receive command is run, the FW no longer processes ICMP messages of a certain type, causing the host to fail to ping the FW.

Precautions

The FW does not receive the following ICMP packets: timestamp-reply, timestamp-request, ICMP packets of type 17 and code 0, and ICMP packets of type 1 and code 0. The FW receives other types of ICMP packets.

If the network status is normal and the FW is required to receive ICMP messages, you can run the icmp receive command.

Example

# Disable the FW from receiving ICMP messages of type 3 and code 1.

<sysname> system-view
[sysname] undo icmp type 3 code 1 receive

# Disable the FW from receiving host-unreachable ICMP messages.

<sysname> system-view
[sysname] undo icmp name host-unreachable receive

# Disable the FW from receiving ICMP echo messages.

<sysname> system-view
[sysname] undo icmp name echo receive

# Disable the FW from receiving all ICMP messages.

<sysname> system-view
[sysname] undo icmp all receive
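
The following is an added example, not Huawei code: a Python audit helper that validates lines against the Format and Parameters sections, then replays them to report whether a given ICMP type and code is still received. Assumptions: the name-to-type/code table uses the standard ICMP assignments (RFC 792), commands take effect in order with the later one winning, icmp all receive also enables the messages listed under Precautions, and the function names parse and received are hypothetical.

```python
import re

# Name -> (type, code) using the standard ICMP assignments (RFC 792).
# Assumption: the FW's names map to these values; the page does not list them.
NAMES = {
    "echo": (8, 0), "echo-reply": (0, 0), "fragmentneed-dfset": (3, 4),
    "host-redirect": (5, 1), "host-tos-redirect": (5, 3),
    "host-unreachable": (3, 1), "information-reply": (16, 0),
    "information-request": (15, 0), "net-redirect": (5, 0),
    "net-tos-redirect": (5, 2), "net-unreachable": (3, 0),
    "parameter-problem": (12, 0), "port-unreachable": (3, 3),
    "protocol-unreachable": (3, 2), "reassembly-timeout": (11, 1),
    "source-quench": (4, 0), "source-route-failed": (3, 5),
    "timestamp-reply": (14, 0), "timestamp-request": (13, 0),
    "ttl-exceeded": (11, 0),
}
# Messages the FW does not receive, as listed under Precautions.
DEFAULT_OFF = {NAMES["timestamp-reply"], NAMES["timestamp-request"], (17, 0), (1, 0)}
CMD = re.compile(
    r"^(undo\s+)?icmp\s+"
    r"(?:type\s+(\d+)\s+code\s+(\d+)|name\s+(\S+)|(all))\s+receive$", re.I)

def parse(line):
    """Return (enable, target); target is a (type, code) tuple or 'all'."""
    m = CMD.match(line.strip())
    if not m:
        raise ValueError(f"not an icmp receive command: {line!r}")
    undo, icmp_type, icmp_code, name, all_word = m.groups()
    if all_word:
        return undo is None, "all"
    if name:
        if name.lower() not in NAMES:      # names are case-insensitive
            raise ValueError(f"unknown icmp-name: {name!r}")
        return undo is None, NAMES[name.lower()]
    if int(icmp_type) > 255 or int(icmp_code) > 255:
        raise ValueError(f"type/code must be 0-255: {line!r}")
    return undo is None, (int(icmp_type), int(icmp_code))

def received(commands, icmp_type, icmp_code):
    """Replay commands in order and report whether (type, code) is received."""
    state = (icmp_type, icmp_code) not in DEFAULT_OFF
    for line in commands:
        enable, target = parse(line)
        if target == "all" or target == (icmp_type, icmp_code):
            state = enable
    return state
```

Calling received with the two forms from the first two examples above, undo icmp type 3 code 1 receive and undo icmp name host-unreachable receive, gives the same result for type 3 code 1 under the assumed name table.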
Copyright © Huawei Technologies Co., Ltd.