Cisco Cisco Packet Data Gateway (PDG)
ACS Rulebase Configuration Mode Commands
firewall icmp-destination-unreachable-message-threshold ▀
Command Line Interface Reference, StarOS Release 16 ▄
689
firewall icmp-destination-unreachable-message-threshold
This command allows you to configure a threshold on the number of ICMP error messages sent by the subscriber for a
particular data flow.
particular data flow.
Important:
In StarOS 8.0, this command is available in the ACS Configuration Mode. In StarOS 8.1 and StarOS
8.3, use this command for Rulebase-based Firewall-and-NAT configuration. In StarOS 8.1 and StarOS 9.0 and later
releases, for Policy-based Firewall-and-NAT configuration, this command is available in the Firewall-and-NAT Policy
Configuration Mode.
releases, for Policy-based Firewall-and-NAT configuration, this command is available in the Firewall-and-NAT Policy
Configuration Mode.
Product
PSF
Privilege
Security Administrator, Administrator
Mode
Exec > ACS Configuration > Rulebase Configuration
active-charging service service_name > rulebase rulebase_name
Entering the above command sequence results in the following prompt:
[local]host_name(config-rule-base)#
Syntax
firewall icmp-destination-unreachable-message-threshold messages then-block-server
{ default | no } firewall icmp-destination-unreachable-message-threshold
default
Configures this command with its default setting.
Default: No limit
Default: No limit
no
If previously configured, deletes the configuration from the current rulebase.
messages
Specifies the threshold on the number of ICMP error messages sent by the subscriber for a particular data
flow.
flow.
messages
must be an integer from 1 through 100.
Usage
Use this command to configure a threshold on the number of ICMP error messages sent by the subscriber for
a particular data flow. After the threshold is reached, it is assumed that the server is not reacting properly to
the error messages, and further downlink traffic to the subscriber on the unwanted flow is blocked.
Some servers that run QChat ignore the ICMP error messages (Destination Port Unreachable and Host
Unreachable) from the mobiles. So the mobiles continue to receive unwanted UDP traffic from the QChat
servers, and their batteries get exhausted quickly.
a particular data flow. After the threshold is reached, it is assumed that the server is not reacting properly to
the error messages, and further downlink traffic to the subscriber on the unwanted flow is blocked.
Some servers that run QChat ignore the ICMP error messages (Destination Port Unreachable and Host
Unreachable) from the mobiles. So the mobiles continue to receive unwanted UDP traffic from the QChat
servers, and their batteries get exhausted quickly.