* Re: Essential ICMP
From: Gavin Hamill @ 2005-02-18 13:49 UTC (permalink / raw)
To: netfilter
On Friday 18 February 2005 00:30, Dean Anderson wrote:
> No, that would be wildly wrong.
>
> Necessary messages: (never block)
> 3 Destination Unreachable
> (block code 4 and break PATH MTU)
> (other codes are "Nice")
Oh nice tip :)
It made me revisit my firewall script, and I found this:
$IPTABLES -A icmp_packets -p ICMP --icmp-type 11 -j ACCEPT #dest unreach
So I had the right idea to permit dest-unreach.. just had the wrong
type-number.. thanks for the memory jog!
Cheers,
Gavin.
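The mismatch described in the message above (a rule commented "dest unreach" that matches type 11), as an added example that is not part of the thread: a small POSIX sh check that maps the number given to --icmp-type to its iptables symbolic name and compares it with the rule's trailing comment. The function names and the word-prefix comparison are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): check that the number given to
# --icmp-type in a firewall-script line matches what its trailing comment says.

# ICMP type (or type/code) -> iptables symbolic name, limited to the values
# mentioned in this thread. Numbers are the IANA ICMP assignments.
icmp_name() {
    case "$1" in
        0)   echo echo-reply ;;
        3)   echo destination-unreachable ;;
        3/4) echo fragmentation-needed ;;
        4)   echo source-quench ;;
        8)   echo echo-request ;;
        11)  echo time-exceeded ;;
        *)   echo unknown ;;
    esac
}

# audit_rule LINE
# Prints "<type> <name> <verdict>"; returns 0 when every word of the comment is
# a prefix of a word in the symbolic name (hypothetical heuristic), 1 otherwise.
audit_rule() {
    line=$1
    case "$line" in
        *--icmp-type*) ;;
        *) echo "- - no-icmp-type"; return 0 ;;
    esac
    itype=${line#*--icmp-type }     # drop everything up to the option
    itype=${itype%% *}              # keep the first word after it
    name=$(icmp_name "$itype")
    case "$line" in
        *"#"*) comment=${line##*\#} ;;
        *)     comment= ;;
    esac
    verdict=ok
    for word in $comment; do
        case "-$name" in
            *-"$word"*) ;;          # word starts one of the name's parts
            *) verdict=mismatch ;;
        esac
    done
    echo "$itype $name $verdict"
    [ "$verdict" = ok ]
}

# Constructed input: the rule quoted in the message above, then the same rule
# with type 3. Single quotes keep $IPTABLES literal; nothing is executed.
audit_rule '$IPTABLES -A icmp_packets -p ICMP --icmp-type 11 -j ACCEPT #dest unreach' || true
audit_rule '$IPTABLES -A icmp_packets -p ICMP --icmp-type 3 -j ACCEPT #dest unreach'
```

Writing the rule with the symbolic name (--icmp-type destination-unreachable) instead of the number makes this kind of mismatch visible in the script itself.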
* Essential ICMP
From: Rudi Starcevic @ 2005-02-18 17:50 UTC (permalink / raw)
To: netfilter
Hi,
I'd like to allow only the essential ICMP messages.
This is for a very busy web server using about 60MB per sec.
I have this list of what I think are the essential ICMP types I should
allow.
Do you think this is correct?
Am I missing anything?
ICMP Type  Code  Used By
0          0     Ping
3          4     Path-MTU Discovery
4          0     Source Quench
8          0     Ping
11         0     traceroute
Many thanks.
Regards Rudi