2 Answers
- Newest
- Most votes
- Most comments
2
It's not written clearly in the documentation. For "Type" select "Destination Unreachable", and for "Port range" select "fragmentation required, and DF flag set".
1
When editing a Security Group you can select Custom ICMP
in the Type
column. That then allows you to select Destination Unreachable
in the Protocol
column. From there you can select Fragmentation needed
in the Port range
column.
The reason this is a little odd is because most other protocols use a port to determine the application that is being allowed. With ICMP it is a Type
and a Sub-type
so the ICMP sub-types (of which Fragmentation needed but DF bit set
) is one.
Relevant content
- Accepted Answerasked 4 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 4 months ago