Ping - Destination Host Unreachable


I have VyOS set up in a router-on-a-stick fashion (inter-VLAN routing). One thing I noticed within VyOS is that if a Windows client pings a device that is offline on a different subnet, it will show “<Client’s Default Gateway> Destination Host Unreachable”. It will always show that, as opposed to the traditional “Request Timed Out”. Many other devices/firewalls I use would show “request timed out” as long as it wasn’t on the same subnet. I realize this is a rather strange request, but is this something that can be accomplished, or will the “destination host unreachable” always be returned? I personally like displaying the request timed out because you can clearly tell a device is offline, whereas the destination host unreachable uses almost as much text as a successful ping, if that makes sense. Thank you.


I have done some further digging, and it looks like I was able to accomplish what I wanted by DROPPING ICMP unreachable messages:

sudo iptables -I OUTPUT -p icmp --icmp-type destination-unreachable -j DROP

Referenced from this forum: networking - Disable ICMP Unreachable replies - Server Fault

Thank you.
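Added example, not part of the original posts: `destination-unreachable` in the rule above matches every ICMP type 3 code, so it also drops the router's own fragmentation-needed replies (code 4) that path MTU discovery depends on, while iptables' `host-unreachable` match covers only code 1, the reply seen for an offline host. The sketch below models both matches over constructed ICMP messages; the sample packets, labels and function names are assumptions for illustration.

```python
import struct

# iptables --icmp-type names -> (type, code); code None matches any code.
ICMP_MATCH = {
    "destination-unreachable": (3, None),  # the match used in the post above
    "host-unreachable": (3, 1),            # narrower match: code 1 only
}

def inet_checksum(data):
    """RFC 1071 checksum; evaluates to 0 over a message whose checksum is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_unreachable(code, mtu=0):
    """Constructed ICMP type 3 message quoting a placeholder 28-byte datagram."""
    quoted = b"\x45" + b"\x00" * 27
    # type, code, checksum (filled in below), unused, next-hop MTU (code 4 only)
    body = struct.pack("!BBHHH", 3, code, 0, 0, mtu) + quoted
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

def parse_icmp(msg):
    """Return (type, code) after validating length and checksum."""
    if len(msg) < 8:
        raise ValueError("truncated ICMP header")
    if inet_checksum(msg) != 0:
        raise ValueError("bad ICMP checksum")
    return msg[0], msg[1]

def rule_drops(match_name, msg):
    """True if a DROP rule using this --icmp-type match would drop msg."""
    want_type, want_code = ICMP_MATCH[match_name]
    icmp_type, icmp_code = parse_icmp(msg)
    return icmp_type == want_type and want_code in (None, icmp_code)

# Constructed sample messages a router could originate.
SAMPLES = {
    "host unreachable (offline host)": build_unreachable(1),
    "port unreachable": build_unreachable(3),
    "fragmentation needed (PMTUD)": build_unreachable(4, mtu=1400),
}

def dropped_by(match_name):
    return [label for label, msg in SAMPLES.items() if rule_drops(match_name, msg)]

if __name__ == "__main__":
    for name in ICMP_MATCH:
        print(f"{name}: drops {dropped_by(name)}")
```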

If I’m not wrong, you can block ICMP in the firewall section.