firewallspotting
Ilya Palagin
tux-4CS0UopE6WdBDgjK7y7TUQ at public.gmane.org
Thu Dec 30 21:03:59 UTC 2004
Tim Writer wrote:
...
>
> You _must_ allow certain types of ICMP or you'll run into trouble. In
> particular, types 4 (source quench), 11 (time to live exceeded), and 12
> (parameter problem) should be allowed in both directions. I also think you
I don't believe one will run into trouble if ICMP is completely blocked
on his side.
Allowing those ICMP types is definitely a good networking style, but is
not absolutely necessary.
> should allow type 3 (destination unreachable) in both directions and rely on
> other rules to explicitly drop or reject inbound connections. Unless you're
> trying to learn about firewalling, I'd suggest using a firewalling package
> rather than roll your own. Shorewall is a good choice.
>
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml