On 23 Jun, Sorin Florea wrote:
>
> Is there any reason to let ICMP fragments pass trough my firewall?
> I think ipchains with -f option will kill them but only begining
> with the second.
> I'm also blockin' ICMP protocol unreachable and port unreachable.
> What other ICMP packets can I safely block?
> Thanks.
>
> -------------------------
> Sorin Florea
> e-mail: [EMAIL PROTECTED]
> Romania Data Systems
> Constanta
> -------------------------
>
>
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
..... ICMP "fragments"? I wasn't aware they existed...
You can block echo requests, timestamp requests, and address-mask
requests. In fact, you _should_ block those.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
