Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o
From: Troy Farrell <troy@...>
Subject: Re: firewall suggestions?
Date: Thu, 08 Jan 2004 10:27:35 -0600
# iptables -L allow-icmp-traffic

Chain allow-icmp-traffic (2 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere           icmp time-exceeded
limit: avg 10/sec burst 5
ACCEPT     icmp --  anywhere             anywhere           icmp
destination-unreachable limit: avg 10/sec burst 5
ACCEPT     icmp --  anywhere             anywhere           icmp source-quench
limit: avg 10/sec burst 5
ACCEPT     icmp --  anywhere             anywhere           icmp echo-request
limit: avg 5/sec burst 5
ACCEPT     icmp --  anywhere             anywhere           icmp echo-reply
limit: avg 5/sec burst 5
LOG        icmp --  anywhere             anywhere           LOG level warning
prefix `Bad ICMP traffic:'
REJECT     icmp --  anywhere             anywhere

Something like this?

Troy
-- 
And the glory of the LORD shall be revealed, and all flesh shall see it
together: for the mouth of the LORD hath spoken it.
Isaiah 40.5

Ryan Voots wrote:
> On Thu, 8 Jan 2004 16:17:49 +0100 "Oliver Schad" <o.schad@...>  Add to
> Address Book wrote:
> 
>> Probably you think ICMP is dangerous too. There are a lot of brain dead 
>> admins who blocks ICMP packets and they wonder why connections to some 
>> websites are broken or if they administrate the packet filter before a 
>> webserver they wonder why some user grouches they wouldn't get a connection
>> to the web server.
> 
> 
> thats one reason i don't block it, some services and things use it to look
> for hosts that are up, what i wish i could do is some type of limit where it
> would only send replies to them at a certain rate, just so that a ping -f on
> 12 machines to my machine wouldn't cause a huge bandwidth surge from my
> machine.
> 
> -----BEGIN GEEK CODE BLOCK---- Version: 3.1 GCS/CM/E/M/S/O d--(-) s:+>:- 
> a--->-->->>+>++>+++$ C+++>++++$ UL++++>++++$ P+++>++++$ L++++>++++$ !E-?
> W++>++$>+++$ N++>* !o? !K? w--->---$ O-- M-@ !V--? PS+++(++(+((-)))) PE
> Y+(++)@ PGP+++(++) t+++>+++$ 5--(-)@ X++@>+++@ R+(++)@ tv+++@>++@ b+>++
> DI++++ D+++@ G+++>++++ e>+$>++$>+++$>++++$>+++++$ h+>++ r*(--(++))@
> !y+>-->->+++@ -----END GEEK CODE BLOCK-----


--
gentoo-security@g.o mailing list

Replies:
Re: firewall suggestions?
-- Frank Gruellich
References:
RE: firewall suggestions?
-- MA
Re: firewall suggestions?
-- Oliver Schad
Re: firewall suggestions?
-- Ryan Voots
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: firewall suggestions?
Next by thread:
Re: firewall suggestions?
Previous by date:
Re: firewall suggestions?
Next by date:
Re: firewall suggestions?


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.