Firewall Wizards mailing list archives
Re: ICMP Packets.
From: "Don Kendrick" <dkendrick () mindspring com>
Date: Tue, 2 Jun 1998 07:57:09 -0400
In the standard configuration of you, with a perimeter router, connected point to point with an ISP's router; there's no reason I can think of other than troubleshooting to allow ICMP packets to enter your perimeter. Don -----Original Message----- From: Toddb <toddb () pacifier com> To: firewall-wizards () nfr net <firewall-wizards () nfr net> Date: Tuesday, June 02, 1998 2:21 AM Subject: ICMP Packets. To prohibit anyone from 'pinging' our router from the internet, I have disabled certain ICMP packets ( namely echo reply ) from exiting our external router interface. They are allowed in, but not out - which effectively disables someone from the outside pinging our router, but allows internal machines to ping the outside world. I have a couple of questions that someone may be able to answer. 1) Is there any reason that echo reply would need to be allowed out in response to an external request? I know this is the case for other ICMP messages such as packet-too-big, but I am not sure why echo-reply would ever be needed. 2) Is there a list of ICMP message types that are needed as opposed to ones that are just used for troubleshooting ( like echo, echo-reply ) that can be blocked without problems. Thanks, Todd toddb () pacifier com
Current thread:
- ICMP Packets. Toddb (Jun 01)
- Re: ICMP Packets. Henry Hertz Hobbit (Jun 02)
- Re: ICMP Packets. Bennett Todd (Jun 02)
- Re: ICMP Packets. Perry E. Metzger (Jun 02)
- Re: ICMP Packets. tqbf (Jun 02)
- Re: ICMP Packets. Darren Reed (Jun 03)
- <Possible follow-ups>
- Re: ICMP Packets. Don Kendrick (Jun 02)
- Re: ICMP Packets. Perry E. Metzger (Jun 02)
- Re: ICMP Packets. Alec Muffett - SunLabs (Jun 02)
- Re: ICMP Packets. James R Grinter (Jun 02)
- Re: ICMP Packets. Henry Hertz Hobbit (Jun 03)
- Re: ICMP Packets. Don Kendrick (Jun 02)
- Re: ICMP Packets. Perry E. Metzger (Jun 02)
- Re: ICMP Packets. Perry E. Metzger (Jun 03)
- Re: ICMP Packets. Bennett Todd (Jun 04)
- Re: ICMP Packets. Paul D. Robertson (Jun 05)
- Re: ICMP Packets. Don Kendrick (Jun 02)
(Thread continues...)
- Re: ICMP Packets. Henry Hertz Hobbit (Jun 02)