Hi Scott,
I would drop that accept-traceroute-tcp term. It will allow any TCP
traffic with a TTL of 1. If you can fudge your TTL (Simple on linux,
just write the value to /proc/sys/net/ipv4/ip_default_ttl) then you
can connect to any open TCP port. Additionally I don't think I've seen
a
Hi All,
I am currently rewriting the inet6 firewall on a M120 and I am trying to
figure out how I can effectively filter traceroutes, especially tcp, as
hop-limit is supported on MX MIC/MPC only.
Any pointers are highly appreciated
The config is largely based on the Day One books, here is the
2 matches
Mail list logo