[olug] help with iptables firewall
Luke -Jr
luke at dashjr.org
Fri Jul 27 14:47:29 UTC 2007
On Wed, 25 Jul 2007, Dave Hull wrote:
> The recommended best practice is to block ICMP echo requests and
> replies and to block outgoing time exceeded and host unreachable
> messages. Doing this may prevent attackers from firewalking your
> firewall.
Recommended by whom? Blocking ICMP echo is always a bad idea as network
protocols assume a non-response means the IP address is unused. I can't think
of any reason to block other ICMP packets either, except as general rudeness.
ICMP is responsible for keeping networks working sanely; it doesn't have any
realistic security problems.