Gentoo Logo

About | Projects | Docs | Forums | Lists | Bugs | Get Gentoo! | Support | Planet | Wiki

Gentoo Spaceship
Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: "gentoo-security@..." <gentoo-security@g.o>
From: Andy Smith <andy@...>
Subject: Re: firewall suggestions?
Date: Fri, 9 Jan 2004 02:19:17 +0000 
On Thu, Jan 08, 2004 at 05:55:26PM +0100, Frank Gruellich wrote:
> * Troy Farrell <troy@...>  8. Jan 04
> > Chain allow-icmp-traffic (2 references)

[...]

> > REJECT     icmp --  anywhere             anywhere
> 
> The default answer of REJECT ist port unreachable.  I always wondered,
> if this is a good way to answer to a question in a protocol with no
> ports.  Shouldn't you answer with ICMP protocol unreachable maybe?

I thought that ICMP should never be answered with ICMP?  So the
correct action would be DROP in this case.

--
gentoo-security@g.o mailing list
Replies:
Re: firewall suggestions?
-- Frank Gruellich
References:
RE: firewall suggestions?
-- MA
Re: firewall suggestions?
-- Oliver Schad
Re: firewall suggestions?
-- Ryan Voots
Re: firewall suggestions?
-- Troy Farrell
Re: firewall suggestions?
-- Frank Gruellich
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: firewall suggestions?
Next by thread:
Re: firewall suggestions?
Previous by date:
Re: firewall suggestions?
Next by date:
Re: firewall suggestions?


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.