List Archive: gentoo-security
* Troy Farrell <troy@...> 8. Jan 04
> # iptables -L allow-icmp-traffic
[output fixed]
> Chain allow-icmp-traffic (2 references)
> target prot opt source destination
> ACCEPT icmp -- anywhere anywhere icmp time-exceeded limit: avg 10/sec burst 5
> ACCEPT icmp -- anywhere anywhere icmp destination-unreachable limit: avg 10/sec burst 5
> ACCEPT icmp -- anywhere anywhere icmp source-quench limit: avg 10/sec burst 5
> ACCEPT icmp -- anywhere anywhere icmp echo-request limit: avg 5/sec burst 5
> ACCEPT icmp -- anywhere anywhere icmp echo-reply limit: avg 5/sec burst 5
> LOG icmp -- anywhere anywhere LOG level warning prefix `Bad ICMP traffic:'
> REJECT icmp -- anywhere anywhere
The default answer of REJECT is port unreachable. I always wondered
if this is a good way to answer a question in a protocol with no
ports. Shouldn't you answer with ICMP protocol unreachable maybe?
Regards, Frank.
--
Sigmentation fault
--
gentoo-security@g.o mailing list
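
The two replies compared in the message above are both ICMP type 3 (destination unreachable) and differ only in the code field: 3 for port unreachable, 2 for protocol unreachable. The following is an added example, not part of the original post: it builds both messages per RFC 792 for a constructed ICMP timestamp request that would fall through to the REJECT rule. Function names and sample addresses are assumptions.

```python
import struct

# ICMP type 3 (destination unreachable) and the two codes under discussion (RFC 792)
ICMP_DEST_UNREACH = 3
CODE_PROTO_UNREACH = 2   # iptables: --reject-with icmp-proto-unreachable
CODE_PORT_UNREACH = 3    # iptables: --reject-with icmp-port-unreachable (REJECT default)


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header(src: bytes, dst: bytes, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0, src, dst)
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]


def dest_unreachable(code: int, offending_ip_packet: bytes) -> bytes:
    """ICMP type 3 message quoting the offending IP header plus 8 payload bytes."""
    ihl = (offending_ip_packet[0] & 0x0F) * 4
    quoted = offending_ip_packet[:ihl + 8]
    body = struct.pack("!BBHI", ICMP_DEST_UNREACH, code, 0, 0) + quoted
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]


# Constructed sample: an ICMP timestamp request (type 13), which the quoted chain
# does not accept, from 192.0.2.10 to 192.0.2.1 (documentation addresses).
ts = struct.pack("!BBHHHIII", 13, 0, 0, 0x1234, 1, 0, 0, 0)
ts = ts[:2] + struct.pack("!H", inet_checksum(ts)) + ts[4:]
SAMPLE = ipv4_header(bytes([192, 0, 2, 10]), bytes([192, 0, 2, 1]), 1, len(ts)) + ts

if __name__ == "__main__":
    for name, code in (("port", CODE_PORT_UNREACH), ("proto", CODE_PROTO_UNREACH)):
        print(name, dest_unreachable(code, SAMPLE).hex())
```

In both variants the quoted inner header carries protocol number 1 (ICMP), so the receiver can tell which packet was refused regardless of the code chosen.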