Gentoo Archives: gentoo-security

From: Frank Gruellich <frank@××××××××××××.org>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] firewall suggestions?
Date: Thu, 08 Jan 2004 17:17:32
Message-Id: 20040108165526.GG4413@home.manuelm.org
In Reply to: Re: [gentoo-security] firewall suggestions? by Troy Farrell
* Troy Farrell <troy@×××××××××××.com>  8. Jan 04
> # iptables -L allow-icmp-traffic
[output fixed]
> Chain allow-icmp-traffic (2 references)
> target     prot opt source               destination
> ACCEPT     icmp --  anywhere             anywhere             icmp time-exceeded limit: avg 10/sec burst 5
> ACCEPT     icmp --  anywhere             anywhere             icmp destination-unreachable limit: avg 10/sec burst 5
> ACCEPT     icmp --  anywhere             anywhere             icmp source-quench limit: avg 10/sec burst 5
> ACCEPT     icmp --  anywhere             anywhere             icmp echo-request limit: avg 5/sec burst 5
> ACCEPT     icmp --  anywhere             anywhere             icmp echo-reply limit: avg 5/sec burst 5
> LOG        icmp --  anywhere             anywhere             LOG level warning prefix `Bad ICMP traffic:'
> REJECT     icmp --  anywhere             anywhere
The default answer of REJECT is port unreachable. I always wondered if this is a good way to answer a question in a protocol with no ports. Shouldn't you answer with ICMP protocol unreachable maybe?

Regards,
Frank.

--
Sigmentation fault

--
gentoo-security@g.o mailing list
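As an added illustration (not code from Troy's setup or from this thread), the script below rebuilds the allow-icmp-traffic chain from the quoted listing with plain iptables commands, and makes the final REJECT answer with ICMP protocol unreachable via `--reject-with icmp-proto-unreachable`, which is what Frank's question points at; the REJECT target's default is `icmp-port-unreachable`. It also adds a rate limit on the LOG rule that the original chain does not have, so an ICMP flood cannot fill the log. The chain name, the limits and the INPUT/FORWARD attachment are taken from the listing; the `run` dry-run helper, the `DRY_RUN` and `REJECT_TYPE` variables and the log limit values are this example's own assumptions. By default it only prints the commands; `DRY_RUN=0` as root applies them.

```shell
#!/bin/sh
# Added example, not part of the original mail: rebuild the allow-icmp-traffic
# chain shown in the thread, with REJECT answering "protocol unreachable".
# DRY_RUN=1 (default) prints the iptables commands instead of running them.
DRY_RUN="${DRY_RUN:-1}"
CHAIN="allow-icmp-traffic"
# The REJECT target defaults to icmp-port-unreachable; override here.
REJECT_TYPE="${REJECT_TYPE:-icmp-proto-unreachable}"

# Run iptables, or print the command line when dry-running. Arguments that
# contain spaces (the log prefix) are single-quoted so the output can be pasted.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        out="iptables"
        for a in "$@"; do
            case $a in
                *' '*) out="$out '$a'" ;;
                *)     out="$out $a" ;;
            esac
        done
        printf '%s\n' "$out"
    else
        iptables "$@"
    fi
}

# Accept one ICMP type, rate-limited like the original chain (burst 5).
#   $1 = ICMP type name, $2 = average rate, e.g. 10/sec
icmp_accept() {
    run -A "$CHAIN" -p icmp --icmp-type "$1" \
        -m limit --limit "$2" --limit-burst 5 -j ACCEPT
}

# Emit the whole chain in the same order as the "iptables -L" listing.
build_icmp_chain() {
    run -N "$CHAIN"
    icmp_accept time-exceeded           10/sec
    icmp_accept destination-unreachable 10/sec
    icmp_accept source-quench           10/sec
    icmp_accept echo-request            5/sec
    icmp_accept echo-reply              5/sec
    # Everything else: log (rate-limited, an addition over the original) then reject.
    run -A "$CHAIN" -p icmp -m limit --limit 1/sec --limit-burst 10 \
        -j LOG --log-level warning --log-prefix "Bad ICMP traffic:"
    run -A "$CHAIN" -p icmp -j REJECT --reject-with "$REJECT_TYPE"
}

# Hook the chain into INPUT and FORWARD; the listing shows "2 references".
attach_icmp_chain() {
    run -A INPUT   -p icmp -j "$CHAIN"
    run -A FORWARD -p icmp -j "$CHAIN"
}

build_icmp_chain
attach_icmp_chain
```

One caveat when choosing the reject type: per RFC 1122 section 3.2.2 a host must never send an ICMP error in response to an ICMP error message, and the Linux kernel honours this, so for any ICMP error type that reaches the REJECT rule the result is the same as DROP whichever `--reject-with` value is configured. The choice only matters for ICMP queries such as unlisted request types.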

Replies

Subject Author
Re: [gentoo-security] firewall suggestions? Chris K Ellsworth <cke@××××××××××××××××××.net>
Re: [gentoo-security] firewall suggestions? Andy Smith <andy@××××××××××.net>