ICMP Type 3 Blocks From My Router

I just enabled firewall logging on the Global Block ALL Inbound rule.

I am getting hammered by ICMP Type 3 messages from my router. They are occurring every 2 secs! Something tells me I need to allow destination unreachable from the router?

There’s no significant reason to block a variety of ICMP types and very good reasons for allowing certain types.

ICMP Type 3
Code - 0 Net Unreachable
Code - 1 Host Unreachable
Code - 4 Fragmentation Needed

ICMP Type 11
Code - 0 and possibly 1 Time Exceeded

All of which are allowed through global rules by default, but you will need to create Application rules for the Windows Operating System process as an endpoint for these.

Comodo default Global rules for ICMP when Stealth mode option is selected include only frag. needed and time exceeded. No Net or Host Unreachable rules; i.e. Destination Unreachable. Kind of makes sense if you think about it.

However, I think most routers are constantly polling what they are attached to.

I added a Global rule for Net Unreachable from router IP address to host. Alerts disappeared. Might change it to router’s MAC address tonight for better security.

Indeed, using Stealth ports wizard changes the default behaviour of Global rules to specifically allow certain ICMP types.
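
An added example, not part of the original thread: an ICMP error message quotes the IP header and first 8 bytes of the packet that triggered it (RFC 792), so decoding a logged Type 3 shows which of the host's own outbound packets the router is answering before you write an allow rule. The `ALLOWED` set is the type/code list from the thread; the addresses, ports and the `build_sample` helper are constructed for illustration.

```python
import socket
import struct

# Type/code pairs the thread lists as worth allowing inbound.
ALLOWED = {(3, 0), (3, 1), (3, 4), (11, 0), (11, 1)}


def parse_icmp_error(icmp: bytes) -> dict:
    """Decode an ICMP error message and the original datagram it quotes."""
    if len(icmp) < 8:
        raise ValueError("truncated ICMP header")
    icmp_type, code, _cksum, _unused, mtu = struct.unpack("!BBHHH", icmp[:8])
    info = {"type": icmp_type, "code": code,
            "listed": (icmp_type, code) in ALLOWED}
    if (icmp_type, code) == (3, 4):
        info["next_hop_mtu"] = mtu  # RFC 1191: MTU of the next hop
    quoted = icmp[8:]
    # The quoted part must hold at least a 20-byte IPv4 header.
    if len(quoted) < 20 or quoted[0] >> 4 != 4:
        return info
    ihl = (quoted[0] & 0x0F) * 4
    if ihl < 20:
        return info
    info["proto"] = quoted[9]
    info["orig_src"] = socket.inet_ntoa(quoted[12:16])
    info["orig_dst"] = socket.inet_ntoa(quoted[16:20])
    l4 = quoted[ihl:ihl + 4]
    if info["proto"] in (6, 17) and len(l4) == 4:  # TCP or UDP ports
        info["orig_sport"], info["orig_dport"] = struct.unpack("!HH", l4)
    return info


def build_sample(icmp_type: int, code: int, mtu: int = 0) -> bytes:
    """Constructed sample: ICMP error quoting a UDP packet host -> router."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     socket.inet_aton("192.168.1.10"),  # constructed host
                     socket.inet_aton("192.168.1.1"))   # constructed router
    udp = struct.pack("!HHHH", 50000, 1900, 8, 0)
    # Checksum left as 0: this parser does not verify it.
    return struct.pack("!BBHHH", icmp_type, code, 0, 0, mtu) + ip + udp


if __name__ == "__main__":
    for sample in (build_sample(3, 3), build_sample(3, 4, 1400)):
        print(parse_icmp_error(sample))
```
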