> Can anyone tell me what ICMP Packets are safe and desirable to accept,
> and which ones should be rejected for security reasons?

Generally you can disallow all incoming ICMP and allow only via RELATED match. This way only valid echo requests are processed. I recommend something like this:

1. -N icmp_check
2. -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
3. -A FORWARD -p icmp -j icmp_check
4. -A icmp_check -p icmp --icmp-type 8 -m limit --limit 5/s -j ACCEPT

You can also add -m length to the 4th line.

During normal operating conditions, you should get:
- icmp unreachables
- icmp ttl exceeded
- icmp requests/replies (replies SHOULD be checked via established, as this type of icmp can be used to map an internal network)
- icmp redirect issued by a router to the INTERNAL network only

On security with icmp I recommend Ofir Arkin's research papers downloadable from: http://www.sys-security.com (or .net, I don't remember)

Regards
Maciej Soltysiak
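The policy from the reply above, written out as a loadable iptables-restore ruleset that also covers the "normal" ICMP types the reply lists (an added example, not code from the original post or its author). It assumes the internal interface is called eth1 unless another name is passed, and the length bounds and log prefix are arbitrary choices made here.

```sh
#!/bin/sh
# Added example: emits the reply's ICMP policy in iptables-restore syntax and
# loads it without flushing the rest of the filter table.
# Assumptions: internal interface given as an argument (default eth1);
# the -m length bounds and the LOG prefix are arbitrary choices.

# Print the ruleset to stdout so it can be reviewed (or diffed against the
# live table with iptables-save) before anything is loaded.
icmp_ruleset() {
    lan_if="${1:-eth1}"
    cat <<EOF
*filter
:icmp_check - [0:0]
# Echo replies to our own requests and ICMP errors (unreachable, TTL exceeded)
# tied to a tracked flow are ESTABLISHED/RELATED in conntrack: accept first.
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# All remaining ICMP goes through the dedicated check chain.
-A FORWARD -p icmp -j icmp_check
# Echo request: bounded size (IP + ICMP headers alone are 28 bytes) and rate
# limited, so a flood cannot saturate the link or the conntrack table.
-A icmp_check -p icmp --icmp-type 8 -m length --length 28:1028 -m limit --limit 5/s -j ACCEPT
# Redirects are only legitimate when they come from the internal network.
-A icmp_check -i ${lan_if} -p icmp --icmp-type 5 -j ACCEPT
# Unsolicited replies, timestamp/mask requests etc.: log sparingly, then drop.
-A icmp_check -m limit --limit 2/min -j LOG --log-prefix "icmp_check drop: "
-A icmp_check -j DROP
COMMIT
EOF
}

# Load the ruleset; --noflush keeps rules already present in the filter table.
apply_icmp_ruleset() {
    icmp_ruleset "${1:-}" | iptables-restore --noflush
}

# Usage: sh icmp_rules.sh apply eth1   (without "apply" the rules are printed)
if [ "${1:-}" = "apply" ]; then
    apply_icmp_ruleset "${2:-}"
else
    icmp_ruleset "${1:-}"
fi
```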
