Gentoo Archives: gentoo-security

From: Troy Farrell <troy@×××××××××××.com>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] firewall suggestions?
Date: Thu, 08 Jan 2004 16:40:29
Message-Id: 3FFD84F7.3080208@entheossoft.com
In Reply to: Re: [gentoo-security] firewall suggestions? by Ryan Voots
# iptables -L allow-icmp-traffic

Chain allow-icmp-traffic (2 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp time-exceeded limit: avg 10/sec burst 5
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable limit: avg 10/sec burst 5
ACCEPT icmp -- anywhere anywhere icmp source-quench limit: avg 10/sec burst 5
ACCEPT icmp -- anywhere anywhere icmp echo-request limit: avg 5/sec burst 5
ACCEPT icmp -- anywhere anywhere icmp echo-reply limit: avg 5/sec burst 5
LOG icmp -- anywhere anywhere LOG level warning prefix `Bad ICMP traffic:'
REJECT icmp -- anywhere anywhere

Something like this?

Troy
--
And the glory of the LORD shall be revealed, and all flesh shall see it
together: for the mouth of the LORD hath spoken it.
Isaiah 40.5

Ryan Voots wrote:
> On Thu, 8 Jan 2004 16:17:49 +0100 "Oliver Schad" <o.schad@×××.de> wrote:
>
>> Probably you think ICMP is dangerous too. There are a lot of brain-dead
>> admins who block ICMP packets and they wonder why connections to some
>> websites are broken, or if they administrate the packet filter before a
>> webserver they wonder why some users grouch that they wouldn't get a connection
>> to the web server.
>
>
> That's one reason I don't block it, some services and things use it to look
> for hosts that are up, what I wish I could do is some type of limit where it
> would only send replies to them at a certain rate, just so that a ping -f on
> 12 machines to my machine wouldn't cause a huge bandwidth surge from my
> machine.
>

--
gentoo-security@g.o mailing list
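The chain Troy lists above, written out as the iptables commands that build it (an added example, not code from the mail or the list). The ICMP types, rates, bursts and the log prefix are the ones shown in his output; the wrapper script, its default of only printing the commands, and the assumption that the "2 references" are the INPUT and OUTPUT chains are mine.

```shell
#!/bin/sh
# Added example: reproduce the allow-icmp-traffic chain from the mail.
# By default the commands are printed rather than run; set IPT=iptables
# and run as root to apply them (the -N fails if the chain already exists).
IPT="${IPT:-echo iptables}"
CHAIN="allow-icmp-traffic"

# One ACCEPT rule for an ICMP type, rate-limited with a burst of 5, so a
# flood of requests cannot provoke a matching flood of replies from this host.
icmp_rule() {
    _type="$1"; _rate="$2"
    $IPT -A "$CHAIN" -p icmp --icmp-type "$_type" \
        -m limit --limit "$_rate" --limit-burst 5 -j ACCEPT
}

build_icmp_chain() {
    $IPT -N "$CHAIN"
    # Error-reporting types: blocking these breaks path-MTU discovery and
    # traceroute, the symptom Oliver describes in the quoted mail.
    icmp_rule time-exceeded 10/sec
    icmp_rule destination-unreachable 10/sec
    icmp_rule source-quench 10/sec
    # Echo: the limit here is what answers Ryan's "ping -f from 12 machines"
    # concern, since replies are capped at 5/sec regardless of request rate.
    icmp_rule echo-request 5/sec
    icmp_rule echo-reply 5/sec
    # Everything else is logged, then rejected. Note the mail's LOG rule has
    # no -m limit of its own, so unmatched ICMP can still fill the log.
    $IPT -A "$CHAIN" -p icmp -j LOG --log-level warning \
        --log-prefix "Bad ICMP traffic:"
    $IPT -A "$CHAIN" -p icmp -j REJECT
    # Assumed: the two references are ICMP from INPUT and OUTPUT.
    $IPT -A INPUT -p icmp -j "$CHAIN"
    $IPT -A OUTPUT -p icmp -j "$CHAIN"
}

build_icmp_chain
```

The printed form drops the quotes around the log prefix, so review it and then rerun with IPT=iptables rather than piping the output into a shell.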

Replies

Subject Author
Re: [gentoo-security] firewall suggestions? Frank Gruellich <frank@××××××××××××.org>