Jean-Christian Imbeault, on Wednesday, Mar 5 2003 at 08:09, wrote:

> I've been googling the web trying to find what rules I should set up for
> ICMP but I've seen some people say one thing while others say something
> completely different.
>
> One question I have not been able to find an answer to though, should I
> block ICMP messages of type 11 (TTL exceeded)?
>
> Also if anyone knows of a good resource that explains what ICMP messages
> I should block (why and how :) could they let me know? I understand that
> it of course depends on my level of paranoia and how friendly I want to
> be to the rest of the net, but I get the feeling from my readings that
> there are some ICMP messages that just should not be let through a
> firewall ....

Here is a good starting point:

http://www.sns.ias.edu/~jns/security/iptables/iptables_conntrack.html#ICMP
http://www.sns.ias.edu/~jns/security/iptables/rules.html

Although it's somewhat paranoid with icmp (e.g. the icmp_echo_ignore_all),
you can tune it to your needs.

(Note also that the REJECT rule for the auth port found there needs a
matching OUTPUT rule when the default OUTPUT policy is DROP, something like:

  iptables -A OUTPUT -o $IFACE -p tcp -m state --state RELATED --sport ident -j ACCEPT)

Manuel
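As an added example (not from Manuel's reply, the linked pages, or any other
message in this thread), here is a small iptables script that puts the two
points above together: connection tracking decides the type 11 question for
you, because an inbound ICMP error (destination-unreachable, time-exceeded,
parameter-problem, ...) whose embedded header matches a flow this host
started is classified RELATED, while unsolicited ICMP is dropped; pings are
kept answerable with a rate limit instead of icmp_echo_ignore_all; and the
ident REJECT is paired with the OUTPUT rule it needs under an OUTPUT DROP
policy. IFACE (defaulting to eth0), the DRY_RUN switch, the rate-limit
numbers and the blanket "outbound NEW is fine" rule are assumptions for a
client host, not anything the thread specifies.

```shell
#!/bin/sh
# Added example: conntrack-based ICMP policy with OUTPUT policy DROP, plus the
# ident REJECT rule and its OUTPUT counterpart. Not code from the thread or
# from the linked pages. IFACE and DRY_RUN are assumptions of this example.

# Wrapper: with DRY_RUN set, print the rule instead of loading it. This lets the
# ruleset be reviewed (or tested) without root and without touching the kernel.
ipt() {
    if [ -n "${DRY_RUN-}" ]; then
        printf '%s\n' "iptables $*"
    else
        iptables "$@"
    fi
}

icmp_policy() {
    iface="${IFACE:-eth0}"   # assumed interface name

    ipt -F
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT DROP       # a DROP default on OUTPUT is why the ident rule below needs a partner
    ipt -A INPUT  -i lo -j ACCEPT
    ipt -A OUTPUT -o lo -j ACCEPT

    # Connection tracking does most of the ICMP work: an echo-reply to our own
    # ping is ESTABLISHED, and an ICMP error (type 3, 4, 11, 12) carrying the
    # header of a flow we started is RELATED. An inbound time-exceeded (type 11)
    # answering our own traceroute therefore passes here; one that refers to
    # nothing we sent falls through to the DROP further down.
    ipt -A INPUT  -i "$iface" -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A OUTPUT -o "$iface" -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Stay pingable, but bounded: unsolicited echo-request is accepted under a
    # rate limit; every other unsolicited ICMP type is dropped.
    ipt -A INPUT -i "$iface" -p icmp --icmp-type echo-request \
        -m limit --limit 5/s --limit-burst 10 -j ACCEPT
    ipt -A INPUT -i "$iface" -p icmp -j DROP

    # This host may originate pings and other new connections (client box).
    ipt -A OUTPUT -o "$iface" -p icmp --icmp-type echo-request -j ACCEPT
    ipt -A OUTPUT -o "$iface" -m state --state NEW -j ACCEPT

    # ident/auth (tcp/113): answer with a TCP reset so remote mail and IRC
    # servers that probe it give up at once instead of waiting for a timeout.
    ipt -A INPUT -i "$iface" -p tcp --dport ident -j REJECT --reject-with tcp-reset
    # The reset is generated locally and traverses OUTPUT; with policy DROP it
    # would be silently lost without this rule (the one from the reply above).
    ipt -A OUTPUT -o "$iface" -p tcp --sport ident -m state --state RELATED -j ACCEPT
}

# Number of -A rules the policy would load; handy for checking a dry run.
rule_count() {
    (DRY_RUN=1; icmp_policy) | grep -c ' -A '
}

# Load for real only when explicitly asked: ./icmp_policy.sh load
if [ "${1-}" = "load" ]; then
    icmp_policy
fi
```

Run it with DRY_RUN=1 set and call icmp_policy to print the ruleset before
loading it. The policy above covers INPUT and OUTPUT only; a box that forwards
traffic for others needs equivalent ESTABLISHED,RELATED handling in FORWARD,
otherwise type 11 and other ICMP errors for forwarded flows are dropped there.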