Packet filtering help
I've tightened my filtering rules recently, but have a few questions
regarding TCP SYN packets and ICMP packets.
Supposing I'm ACCEPTing on TCP ports 22, 25 and 80.
I am ACCEPTing all packets for these 3 ports.
I am ACCEPTing non-SYN for ports > 1023
I am DENYing for all other packets.
How should ICMP packets be filtered? I was blocking them all, but I was
getting a lot of traffic in my logs like:
kernel: Packet log: input DENY eth1 PROTO=1 220.127.116.11:3 x.y.z.82:3 L=56 S=0x00 I=25760 F=0x0000 T=243 (#27)
kernel: Packet log: input DENY eth1 PROTO=1 18.104.22.168:8 x.y.z.82:0 L=60 S=0x00 I=65280 F=0x0000 T=15 (#5)
I'm currently allowing ICMP to and from ports 0, 3 and 8. I'm just afraid
that I'm breaking a few RFCs doing this.
Is it a better idea to DENY or REJECT? What does Ye Olde RFC recommend?
Which is safer?
Brandon High firstname.lastname@example.org
Stress is when you wake up screaming & you realize you haven't fallen