* Troy Farrell <troy@×××××××××××.com> 8. Jan 04
> # iptables -L allow-icmp-traffic

[output fixed]

> Chain allow-icmp-traffic (2 references)
> target prot opt source destination
> ACCEPT icmp -- anywhere anywhere icmp time-exceeded limit: avg 10/sec burst 5
> ACCEPT icmp -- anywhere anywhere icmp destination-unreachable limit: avg 10/sec burst 5
> ACCEPT icmp -- anywhere anywhere icmp source-quench limit: avg 10/sec burst 5
> ACCEPT icmp -- anywhere anywhere icmp echo-request limit: avg 5/sec burst 5
> ACCEPT icmp -- anywhere anywhere icmp echo-reply limit: avg 5/sec burst 5
> LOG icmp -- anywhere anywhere LOG level warning prefix `Bad ICMP traffic:'
> REJECT icmp -- anywhere anywhere

The default answer of REJECT is port unreachable. I always wondered
if this is a good way to answer to a question in a protocol with no
ports. Shouldn't you answer with ICMP protocol unreachable maybe?

Regards, Frank.
--
Sigmentation fault

--
gentoo-security@g.o mailing list
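
An added example, not part of the original thread: a shell sketch that emits the quoted chain in iptables-restore format with the final REJECT type as a parameter, so the default port-unreachable reply can be compared with the protocol-unreachable reply asked about above. The function names are hypothetical; the chain name, ICMP types, limits and log prefix are taken from the quoted listing.

```shell
#!/bin/sh
# Added example: names valid_icmp_reject and emit_icmp_chain are hypothetical.

# ICMP error types that REJECT --reject-with accepts on an icmp rule.
# tcp-reset is left out: iptables only allows it on rules matching -p tcp.
valid_icmp_reject() {
    case "$1" in
        icmp-net-unreachable|icmp-host-unreachable|icmp-port-unreachable) return 0 ;;
        icmp-proto-unreachable|icmp-net-prohibited|icmp-host-prohibited) return 0 ;;
        icmp-admin-prohibited) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the chain as an iptables-restore fragment.
# $1 = reject type; empty means iptables' own default, icmp-port-unreachable.
emit_icmp_chain() {
    reject_with="${1:-icmp-port-unreachable}"
    if ! valid_icmp_reject "$reject_with"; then
        echo "unsupported reject type for an icmp rule: $reject_with" >&2
        return 1
    fi
    chain="allow-icmp-traffic"
    echo "*filter"
    echo ":$chain - [0:0]"
    # icmp-type:rate pairs as shown in the quoted listing (burst is 5 throughout)
    for spec in time-exceeded:10 destination-unreachable:10 source-quench:10 \
                echo-request:5 echo-reply:5; do
        icmp_type="${spec%:*}"
        rate="${spec#*:}"
        echo "-A $chain -p icmp --icmp-type $icmp_type -m limit --limit $rate/second --limit-burst 5 -j ACCEPT"
    done
    echo "-A $chain -p icmp -j LOG --log-level warning --log-prefix \"Bad ICMP traffic:\""
    echo "-A $chain -p icmp -j REJECT --reject-with $reject_with"
    echo "COMMIT"
}

# Only emits when asked, e.g.: sh script.sh --emit icmp-proto-unreachable
if [ "${1:-}" = "--emit" ]; then
    emit_icmp_chain "${2:-}"
fi
```

The output can be reviewed as text first and then fed to `iptables-restore --noflush` on a test host.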