RE: traceroute

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Le jeu 01/07/2004 à 11:52, Piszcz, Justin Michael a écrit :
> He was talking about pinging from behind his NAT, it has nothing to do
> with people pinging him, FYI.

I picked the thread at this stage, and for what I understood, your
statement about ICMP filtering was far more general than this very
situation with some profitable ruleset :

> ICMP is "allowed" when you -I INPUT ESTABLISHED,RELATED.
> You do not have to allow it explicitly (ie: allow icmp so other
> machines can ping your machine).


Anyway, even in this kind of situation, NAT handling is one thing, and
filtering is another. So, depending on how your filtering rules are
implemented, your statement remains wrong.

I don't mean to be aggressive upon you, but for what I read from this
thread, you made a wrong statement about ICMP filtering, and that's it.
Bas faith arguing on some special background context has no relevance.

-- 
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!



[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux