Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: <gentoo-security@g.o>
From: "Chris K Ellsworth" <cke@...>
Subject: Re: firewall suggestions?
Date: Thu, 8 Jan 2004 09:26:16 -0800
So then are these the good ICMP's that should be allowed and all others be
killed for "good" firewall admin practices?

----- Original Message ----- 
From: "Frank Gruellich" <frank@...>
To: <gentoo-security@g.o>
Sent: Thursday, January 08, 2004 8:55 AM
Subject: Re: [gentoo-security] firewall suggestions?


> * Troy Farrell <troy@...>  8. Jan 04
> > # iptables -L allow-icmp-traffic
>
> [output fixed]
>
> > Chain allow-icmp-traffic (2 references)
> > target     prot opt source               destination
> > ACCEPT     icmp --  anywhere             anywhere           icmp
time-exceeded limit: avg 10/sec burst 5
> > ACCEPT     icmp --  anywhere             anywhere           icmp
destination-unreachable limit: avg 10/sec burst 5
> > ACCEPT     icmp --  anywhere             anywhere           icmp
source-quench limit: avg 10/sec burst 5
> > ACCEPT     icmp --  anywhere             anywhere           icmp
echo-request limit: avg 5/sec burst 5
> > ACCEPT     icmp --  anywhere             anywhere           icmp
echo-reply limit: avg 5/sec burst 5
> > LOG        icmp --  anywhere             anywhere           LOG level
warning prefix `Bad ICMP traffic:'
> > REJECT     icmp --  anywhere             anywhere
>
> The default answer of REJECT ist port unreachable.  I always wondered,
> if this is a good way to answer to a question in a protocol with no
> ports.  Shouldn't you answer with ICMP protocol unreachable maybe?
>
>  Regards, Frank.
> -- 
> Sigmentation fault
>
> --
> gentoo-security@g.o mailing list
>
>
>


--
gentoo-security@g.o mailing list

Replies:
Re: firewall suggestions?
-- Troy Farrell
References:
RE: firewall suggestions?
-- MA
Re: firewall suggestions?
-- Oliver Schad
Re: firewall suggestions?
-- Ryan Voots
Re: firewall suggestions?
-- Troy Farrell
Re: firewall suggestions?
-- Frank Gruellich
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: firewall suggestions?
Next by thread:
Re: firewall suggestions?
Previous by date:
Re: firewall suggestions?
Next by date:
Re: firewall suggestions?


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.