Firewall Wizards mailing list archives

Re: ICMP Packets.

From: jrg () gbnet net (James R Grinter)
Date: Tue, 2 Jun 1998 16:19:21 +0100

On Tue 2 Jun, 1998, Henry Hertz Hobbit <hhhobbit () icarus weber edu> wrote:

said it before, if you don't need it, block it, both ways. In
other words, this applies to *everything*. If you don't NEED
the ICMP packets (all of them, not just the echo/echo-reply)
to go out, block them. Your actual needs, not somebody else's


this is sound advice - but - beware of ICMP packet types that are
fundamental to the correct operation of some protocols.

('path MTU discovery' leaps to mind here, as one thing that is blocked
in many places seemingly without regard to what that will break. If you
don't know what this does and what the implications are, this is a good
time to go and research.)

James.

Current thread:

ICMP Packets. Toddb (Jun 01)
- Re: ICMP Packets. Henry Hertz Hobbit (Jun 02)
  - Re: ICMP Packets. Bennett Todd (Jun 02)
  - Re: ICMP Packets. Perry E. Metzger (Jun 02)
- Re: ICMP Packets. tqbf (Jun 02)
  - Re: ICMP Packets. Darren Reed (Jun 03)
- <Possible follow-ups>
- Re: ICMP Packets. Don Kendrick (Jun 02)
  - Re: ICMP Packets. Perry E. Metzger (Jun 02)
- Re: ICMP Packets. Alec Muffett - SunLabs (Jun 02)
- Re: ICMP Packets. James R Grinter (Jun 02)
  - Re: ICMP Packets. Henry Hertz Hobbit (Jun 03)
- Re: ICMP Packets. Don Kendrick (Jun 02)
  - Re: ICMP Packets. Perry E. Metzger (Jun 02)
  - Re: ICMP Packets. Perry E. Metzger (Jun 03)
    - Re: ICMP Packets. Bennett Todd (Jun 04)
    - Re: ICMP Packets. Paul D. Robertson (Jun 05)
- Re: ICMP Packets. Don Kendrick (Jun 02)
  - Re: ICMP Packets. Perry E. Metzger (Jun 03)
    - Re: ICMP Packets. matthew green (Jun 04)
    - Re: ICMP Packets. Bennett Todd (Jun 04)

(Thread continues...)