On Mon, Aug 07, 2000 at 08:32:47PM +0800, Ronneil Camara wrote:
> I have found an ICMP Type and codes.
> So which Type should I ALLOW and which Type should I DENY?
> Type  Code  Name
> 0     *     Echo Reply
> 3     *     Destination Unreachable
>       0     Net Unreachable
>       1     Host Unreachable
>       3     Port unreachable
>       4     Fragmentation Needed but DF set
You need this last one (3:0, ICMP_DEST_UNREACH:ICMP_FRAG_NEEDED)
in order to get MTU discovery to work. Breaking that can be a bad thing.
BTW... I have "ICMP_DEST_UNREACH" all the way up to 15 (which is
"ICMP_PREC_CUTOFF" - Precedence cut off).
> 4     *     Source Quench
>
> 5     *     Redirect
>
> 8     *     Echo Request
>
> 9     *     Router Advertisement
>
> 11    *     Time Exceeded In Transit
>       0     TTL Exceeded
>       1     Fragment reassembly timeout
>
> 12    *     Parameter Problem
Kill everything else at your perimeter.
> Thank you very much.
> --
> .-------------------------------------------------------.
> .^. | Ronneil R. Camara | [EMAIL PROTECTED] |
> /V\ |--------------------| +632 6354086 +63917 5326993 |
> // \\ | "Anyone who has `----------------------------------|
> /( )\ | never made a mistake has never tried anything new." |
> ^^-^^ `-------------------------------------------------------'
Mike
--
Michael H. Warfield | (770) 985-6132 | [EMAIL PROTECTED]
(The Mad Wizard) | (770) 331-2437 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
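
Added example, not part of the original thread: a Python check that parses an ICMPv4 message, always passes Fragmentation Needed (type 3, code 4 in the quoted table) and reads the next-hop MTU it carries per RFC 1191, and drops anything outside an allow-set. The names `parse_icmp`, `verdict`, `build` and `ALLOWED` are hypothetical, the sample packets are constructed, and treating the types in the quoted table as the allow-set is an assumption about what "everything else" means.

```python
import struct

FRAG_NEEDED = (3, 4)  # Destination Unreachable / Fragmentation Needed but DF set

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over the ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_icmp(msg: bytes) -> dict:
    """Parse an ICMPv4 message (IP header already stripped)."""
    if len(msg) < 8:
        raise ValueError("truncated ICMP header")
    if checksum(msg) != 0:  # a valid message sums to zero with its checksum included
        raise ValueError("bad ICMP checksum")
    icmp_type, code, _csum, _unused, mtu = struct.unpack("!BBHHH", msg[:8])
    info = {"type": icmp_type, "code": code}
    if (icmp_type, code) == FRAG_NEEDED:
        info["next_hop_mtu"] = mtu  # RFC 1191: low 16 bits of the second word
    return info

def verdict(msg: bytes, allowed_types: set) -> str:
    """ACCEPT Frag Needed and any allowed type; DROP the rest, malformed included."""
    try:
        info = parse_icmp(msg)
    except ValueError:
        return "DROP"
    if (info["type"], info["code"]) == FRAG_NEEDED:
        return "ACCEPT"  # dropping this breaks path MTU discovery
    return "ACCEPT" if info["type"] in allowed_types else "DROP"

def build(icmp_type: int, code: int, rest: bytes) -> bytes:
    """Build a constructed sample message with a valid checksum."""
    body = struct.pack("!BBH", icmp_type, code, 0) + rest
    return body[:2] + struct.pack("!H", checksum(body)) + body[4:]

# Constructed samples: Frag Needed advertising MTU 1400, and a Timestamp request.
FRAG = build(3, 4, struct.pack("!HH", 0, 1400) + b"\x45" + b"\x00" * 27)
TIMESTAMP = build(13, 0, b"\x00" * 16)
ALLOWED = {0, 3, 4, 5, 8, 9, 11, 12}  # assumption: types named in the quoted table

if __name__ == "__main__":
    for name, pkt in (("frag-needed", FRAG), ("timestamp", TIMESTAMP)):
        print(name, parse_icmp(pkt), verdict(pkt, ALLOWED))
```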