It seems that most (all?) existing packet filtering implementations
simply drop packets when they should not be passed. Wouldn't it be
better to send an ICMP Destination Unreachable type 9 "Communication
with destination network administratively prohibited" (this message is
defined by RFC 1122).
I can see a few implementation details such as not sending this
message if the denied packet is a broadcast or ICMP message.
Would there be serious problems with TCP/IP implementations based
on earlier RFCs?