On Friday 11 February 2005 18:06, Jason Opperisano wrote:
> On Fri, Feb 11, 2005 at 05:57:16PM +0300, Mikhail Zotov wrote:
> > Hello everybody,
> >
> > I have written an iptables script to protect a machine/LAN
> > and I'd like to clarify an issue about RELATED ICMP packets
> > of type 3 (actually, mostly 3/1).
> >
> > As far as I understand, it is safe to ACCEPT incoming
> > packets of this sort.
>
> yes. personally (for whatever that is worth), i allow ICMP Types 3, 11,
> and 12 [*].

Thank you for the reply! I do ACCEPT ICMP packets of types 11
and 12, too.

> > Is it safe to allow _outgoing_ packets of this kind?
> > Can an attacker make my machine generate such packets
> > in order to obtain information about it? (All new
> > incoming packets are just DROPped.)
>
> yes.

Does "yes" correspond to "Is it safe...?" or to "Can an attacker..."?

Regards,
Mikhail