Hello.
How can I hide the vyos router from the trace? If I block just icmp type-name time-exceeded
But then all tracing to the end hop is lost. And I need to make sure that only the router’s hop is not visible.
Block icmp-type time-exceeded for the OUTPUT chain but allow it anywhere else.
Can you elaborate on that? Maybe you have an example?
Can you please give an example?
I tried doing this setup, but it hides all the trace after the router
set firewall name HIDE-TRACEROUTE rule 10 action drop
set firewall name HIDE-TRACEROUTE rule 10 protocol icmp
set firewall name HIDE-TRACEROUTE rule 10 icmp type time-exceeded
set interfaces ethernet eth0 firewall in name HIDE-TRACEROUTE