Unfortunately I have to use general rules to create network policies because I am using another Antivirus, not Comodo’s one. The Antivirus WebGuard is proposing the network access to all programs, so I have to restrict it by GR only.
Anyway, what is the reason for such a huge amount of ICMP requests? I’m a little bit afraid because I am using a traffic shaper (cFosSpeed) and in the case it will not obtain ping requests it will not work.
I have created the rule #4 (from the upper side of the rule list I have provided) to allow ICMP Type 3 but it looks like it is not Code 0. How could I obtain the code of blocked ICMP in the log?
The Internet Control Message Protocol (ICMP) is one of the core protocols of the Internet Protocol Suite. It is chiefly used by networked computers’ operating systems to send error messages—indicating, for instance, that a requested service is not available or that a host or router could not be reached.
ICMP [1] relies on IP to perform its tasks, and it is an integral part of IP. It differs in purpose from transport protocols such as TCP and UDP in that it is typically not used to send and receive data between end systems. It is usually not used directly by user network applications, with some notable exceptions being the ping tool and traceroute.
ICMP 3.10 and 3.13 are both firewall reject messages. Not from CFP/CIS, but from a firewall sitting somewhere between your PC and whatever IP address you’re trying to reach.
3.10 is “host administratively prohibited”, and 3.13 is “communication administratively prohibited”.
The difference is that 3.10 is coming from the IP address you’re trying to reach. Your packet made it there, but was refused. The 3.10 is the ICMP refusal message. It means that the IP address is not stealthed, but is instead configured to explicitly say “Go Away. Now.”
The 3.13 is likely coming from a router. The BSD syntax for this would be “ipfw unreach filter-prohib all from any to any”. Cisco routers have a similar syntax, but it is not so straightforward to explain.
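An added example, not part of the original thread: when a firewall log does not show the ICMP code, it can be read from a captured packet, and the sender of the reject can be compared with the destination quoted inside the ICMP payload to see whether it came from the target or from a device in between. The function names are hypothetical and the addresses are constructed documentation ranges.

```python
import socket
import struct

# Type 3 (destination unreachable) codes mentioned in the thread.
CODES = {10: "host administratively prohibited",
         13: "communication administratively prohibited"}

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over a byte string."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (header checksum left at 0 for brevity)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def build_unreachable(sender: str, me: str, target: str, code: int) -> bytes:
    """Constructed sample: `sender` rejects a TCP packet sent from me to target."""
    quoted = ipv4_header(me, target, 6, 8) + struct.pack("!HHI", 50000, 443, 0)
    body = struct.pack("!BBHI", 3, code, 0, 0) + quoted
    body = body[:2] + struct.pack("!H", checksum(body)) + body[4:]
    return ipv4_header(sender, me, 1, len(body)) + body

def parse_unreachable(packet: bytes) -> dict:
    """Extract the ICMP code, who sent the reject, and what it was about."""
    ihl = (packet[0] & 0x0F) * 4
    icmp = packet[ihl:]
    if packet[0] >> 4 != 4 or packet[9] != 1 or len(icmp) < 28:
        raise ValueError("not an IPv4 ICMP error message")
    if icmp[0] != 3 or checksum(icmp) != 0:
        raise ValueError("not a valid destination-unreachable message")
    sender = socket.inet_ntoa(packet[12:16])
    target = socket.inet_ntoa(icmp[8 + 16:8 + 20])  # dst of the quoted header
    return {"code": icmp[1], "meaning": CODES.get(icmp[1], "other"),
            "sender": sender, "target": target,
            "from_target": sender == target}
```
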