As subject:
I want to be able to controll by ICMP code the types of ICMP Unreachable (Type 3) messages generated by a filtering router.
Scenario: BGP Peering routers to a web hosting infrastructure on the Internet, that want visibility of the path used via traceroute, however I dont want to advertise the fact that filtering is occuring by generating ICMP unreachable admin prohibtited or filtering prohibited.
I would also like to stay away from implementing outbound ACLs on the external interfaces just to control ICMP message generation.
Any other thoughts?