Also, can the rules use something else rather than icmp-host-prohibited? That gives back 'No route to host' which is wrong:
| $ nc -vz 150.136.239.201 80
| nc: connect to 150.136.239.201 port 80 (tcp) failed: No route to host
This made me waste a bit of time trying to figure out if it's routing somewhere between our network (and my local network) and OCI.
For TCP, perhaps tcp-reset?
For UDP, or the rest, icmp-port-unreachable?