Firewall Wizards mailing list archives
Re: ICMP Packets.
From: john_smith () rd qms com
Date: Fri, 05 Jun 98 08:01:19 -0600
I knew I had seen this thread before. Searched my personal archives and came across it in the Firewalls Digest (V6 #295, #299, #304 and #305) under the thread titled "what ICMP should i allow through?". Based on that discussion we modified our filter rules as follows: Inbound Allow: - echo (type 8/code 0) - paramter-problem (12/[0|1]) - source-quench (4/0) - ttl-exceeded (11/[0|1]) Deny all other inbound ICMP. Outbound we allow all ICMP packets. This complies with our policy of permit all outbound and deny all inbound except what is specifically permitted. This list works *for us* and does not seem to cause any connection problems (at least no customer connectivity complaints). If any of you spot any obvious problems with this please point them out. jcs John C. Smith Sys Admin/Jack-of-all-trades QMS, Inc. 1 Magnum Pass Mobile, AL 36618, USA (334) 633-4300 john_smith () rd qms com
Current thread:
- Re: ICMP Packets., (continued)
- Re: ICMP Packets. Darren Reed (Jun 05)
- Re: ICMP Packets. tqbf (Jun 07)
- Re: ICMP Packets. Darren Reed (Jun 07)
- Re: ICMP Packets. blast (Jun 08)
- Re: ICMP Packets. Aleph One (Jun 09)
- Re: ICMP Packets. Ge' Weijers (Jun 05)
- Re: ICMP Packets. Bennett Todd (Jun 05)
- Re: ICMP Packets. tqbf (Jun 04)
- Re: ICMP Packets. Paul D. Robertson (Jun 05)
- Re: ICMP Packets.uy tqbf (Jun 07)
- Re: ICMP Packets. Henry Hertz Hobbit (Jun 07)
- Re: ICMP Packets. tqbf (Jun 07)
- Re: ICMP Packets. Aleph One (Jun 12)