Gentoo Archives: gentoo-security

From: Frank Gruellich <frank@××××××××××××.org>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] firewall suggestions?
Date: Thu, 08 Jan 2004 17:17:32
Message-Id: 20040108165526.GG4413@home.manuelm.org
In Reply to: Re: [gentoo-security] firewall suggestions? by Troy Farrell
* Troy Farrell <troy@×××××××××××.com> 8. Jan 04
> # iptables -L allow-icmp-traffic

[output fixed]

> Chain allow-icmp-traffic (2 references)
> target prot opt source destination
> ACCEPT icmp -- anywhere anywhere icmp time-exceeded limit: avg 10/sec burst 5
> ACCEPT icmp -- anywhere anywhere icmp destination-unreachable limit: avg 10/sec burst 5
> ACCEPT icmp -- anywhere anywhere icmp source-quench limit: avg 10/sec burst 5
> ACCEPT icmp -- anywhere anywhere icmp echo-request limit: avg 5/sec burst 5
> ACCEPT icmp -- anywhere anywhere icmp echo-reply limit: avg 5/sec burst 5
> LOG icmp -- anywhere anywhere LOG level warning prefix `Bad ICMP traffic:'
> REJECT icmp -- anywhere anywhere

The default answer of REJECT is port unreachable. I always wondered,
if this is a good way to answer to a question in a protocol with no
ports. Shouldn't you answer with ICMP protocol unreachable maybe?

Regards, Frank.
--
Sigmentation fault

--
gentoo-security@g.o mailing list
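
The reply type discussed in the message above is selected with the REJECT target's `--reject-with` option. The script below is an added example, not part of the original post or thread: it rebuilds the quoted chain with that type as a parameter and prints the commands as a dry run unless `IPT=iptables` is set. The `IPT` and `CHAIN` variables and both function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: rebuild the quoted allow-icmp-traffic chain with the final
# REJECT reply type chosen explicitly. IPT, CHAIN and both function names are
# assumptions of this example, not taken from the thread.

IPT=${IPT:-echo iptables}   # dry run by default; IPT=iptables applies (needs root)
CHAIN=allow-icmp-traffic

# ICMP error types REJECT accepts via --reject-with. tcp-reset is left out:
# it is only valid on rules that match TCP, and this chain is ICMP-only.
valid_reject_type() {
    for t in icmp-net-unreachable icmp-host-unreachable icmp-port-unreachable \
             icmp-proto-unreachable icmp-net-prohibited icmp-host-prohibited \
             icmp-admin-prohibited; do
        [ "$1" = "$t" ] && return 0
    done
    return 1
}

build_icmp_chain() {
    # With no argument, use REJECT's default reply type.
    reject_with=${1:-icmp-port-unreachable}
    valid_reject_type "$reject_with" || {
        echo "unsupported --reject-with type: $reject_with" >&2
        return 1
    }
    $IPT -N "$CHAIN" || return 1
    # Rate limits copied from the quoted listing.
    for type in time-exceeded destination-unreachable source-quench; do
        $IPT -A "$CHAIN" -p icmp --icmp-type "$type" \
            -m limit --limit 10/sec --limit-burst 5 -j ACCEPT || return 1
    done
    for type in echo-request echo-reply; do
        $IPT -A "$CHAIN" -p icmp --icmp-type "$type" \
            -m limit --limit 5/sec --limit-burst 5 -j ACCEPT || return 1
    done
    $IPT -A "$CHAIN" -p icmp -j LOG --log-level warning \
        --log-prefix "Bad ICMP traffic:" || return 1
    # Everything else: logged above, then rejected with the selected ICMP error.
    $IPT -A "$CHAIN" -p icmp -j REJECT --reject-with "$reject_with"
}
```

Calling `build_icmp_chain icmp-proto-unreachable` prints the eight commands for review; in dry-run output the quotes around the log prefix are not shown.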

Replies

Subject Author
Re: [gentoo-security] firewall suggestions? Chris K Ellsworth <cke@××××××××××××××××××.net>
Re: [gentoo-security] firewall suggestions? Andy Smith <andy@××××××××××.net>