Gentoo Archives: gentoo-security

From: Andy Smith <andy@××××××××××.net>
To: "gentoo-security@×××××××××××××." <gentoo-security@l.g.o>
Subject: Re: [gentoo-security] firewall suggestions?
Date: Fri, 09 Jan 2004 02:21:58
Message-Id: 20040109021917.GR1665@lug.org.uk
In Reply to: Re: [gentoo-security] firewall suggestions? by Frank Gruellich

On Thu, Jan 08, 2004 at 05:55:26PM +0100, Frank Gruellich wrote:
> * Troy Farrell <troy@×××××××××××.com> 8. Jan 04
> > Chain allow-icmp-traffic (2 references)
[...]
> > REJECT icmp -- anywhere anywhere
>
> The default answer of REJECT is port unreachable. I always wondered,
> if this is a good way to answer to a question in a protocol with no
> ports. Shouldn't you answer with ICMP protocol unreachable maybe?

I thought that ICMP should never be answered with ICMP? So the correct action would be DROP in this case.

--
gentoo-security@g.o mailing list

Replies

Subject Author
Re: [gentoo-security] firewall suggestions? Frank Gruellich <frank@××××××××××××.org>