Re: [PLUG] my first fw rules

Michael C. Toren on Tue, 24 Dec 2002 15:05:19 -0500

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] my first fw rules

From: "Michael C. Toren" <mct@toren.net>

To: plug@lists.phillylinux.org

Subject: Re: [PLUG] my first fw rules

Date: Tue, 24 Dec 2002 15:05:17 -0500

User-agent: Mutt/1.4i

> ################################################################# > # ICMP TYPES (incomplete) > # -------------------------- > # (ideas gathered from fw script of vogt@hansenet.com) > # > # 0 - echo reply > # 8 - echo > # 3 - Destination Unreachable > # 11 - Time Exceeded I would also recommend permitting ICMP type 4, source quench messages. > # 30 - Traceroute ICMP type 30 is currently unused, and can be safely left out of your firewall configuration. (It was proposed in RFC1393 for the purposes of introducing a new method of tracerouting -- rather than sending multiple probe packets with varying TTL values, a single probe packet would have been sent containing an IP option. In addition to forwarding packets containing this IP option normally, gateways would have also sent an ICMP type 30 response to the packet's originator. It's a much more elegant solution, and it's a shame no major router vendor ever implemented it.) -mct

Follow-Ups:

Re: [PLUG] my first fw rules
From: epike@isinet.com

References:

[PLUG] my first fw rules
From: epike@isinet.com

Prev by Date: [PLUG] my first fw rules

Next by Date: Re: [PLUG] my first fw rules

Previous by thread: [PLUG] my first fw rules

Next by thread: Re: [PLUG] my first fw rules

Index(es):

Date

Thread