
Re: How to work with my iptables script



Tom Geissler wrote:
> * Ansgar -59cobalt- Wiechers <lists@planetcobalt.net> [25-08-04 12:40]:
>
>>On 2004-08-25 Jacob Friis Larsen wrote:
>>
>>>...
>>># STATE RELATED for router
>>>iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>>
>>I would rather add a rule to accept ESTABLISHED,RELATED traffic in the
>>OUTPUT chain and set the default OUTPUT policy to DROP.
>>
>>You should also allow ICMP (at least some types) and REJECT TCP traffic
>>(with RST) rather than just DROP it. IMHO.
>
>
> Allow ICMP types 0, 3, 4, 8, 11, 12 and REJECT also UDP traffic with
> 'port-unreachable'
>

What about icmp type 12? Actually I drop it; but I'm not sure about it.
Moreover I drop !related,established udp packets.

Am I wrong? If so, why?

Regards
Radel
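The rule set the two quoted replies describe, written out as one script. This is an added example by the editor, not code posted by anyone in the thread: it sets a default DROP policy on INPUT and OUTPUT, accepts ESTABLISHED,RELATED traffic on both chains, admits ICMP types 0, 3, 4, 8, 11 and 12 (echo-reply, destination-unreachable, source-quench, echo-request, time-exceeded, parameter-problem) and ends INPUT with REJECT rules that answer TCP with a RST and UDP with port-unreachable. The loopback rules, the assumption that SSH is the only offered service, and the `IPT` variable (which defaults to `echo iptables` so the script prints the commands instead of applying them) are the editor's assumptions, not something from the thread.

```shell
#!/bin/sh
# Added example (editor's, not from the thread): the rule set the replies
# describe. Dry-run by default: IPT is "echo iptables" unless overridden, so
# the commands are printed. Run as root with IPT=/sbin/iptables to apply them.
IPT="${IPT:-echo iptables}"

# ICMP types listed in Tom's reply: 0 echo-reply, 3 destination-unreachable,
# 4 source-quench, 8 echo-request, 11 time-exceeded, 12 parameter-problem
ICMP_TYPES="0 3 4 8 11 12"

firewall_rules() {
    # Default deny on every built-in chain; Ansgar's suggestion applied to
    # OUTPUT as well as INPUT. Flush old rules so the set below is complete.
    $IPT -F
    $IPT -P INPUT DROP
    $IPT -P OUTPUT DROP
    $IPT -P FORWARD DROP

    # Loopback traffic is always local (assumption: nothing filters lo).
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT

    # Stateful rules on both chains, as the reply recommends.
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Let this host open new connections itself (needed once OUTPUT is DROP).
    $IPT -A OUTPUT -m state --state NEW -j ACCEPT

    # Only the selected ICMP types are accepted inbound.
    for t in $ICMP_TYPES; do
        $IPT -A INPUT -p icmp --icmp-type "$t" -j ACCEPT
    done

    # Services this host offers (assumption: SSH only).
    $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT

    # Everything else is refused explicitly rather than silently dropped:
    # RST for TCP, ICMP port-unreachable for UDP. Other protocols fall
    # through to the DROP policy.
    $IPT -A INPUT -p tcp -j REJECT --reject-with tcp-reset
    $IPT -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
}

firewall_rules
```

Because the UDP REJECT comes after the ESTABLISHED,RELATED rule, replies to this host's own DNS or NTP queries are still accepted; only UDP that belongs to no known flow gets the port-unreachable answer.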
