[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Packet filtering help

I've tightened my filtering rules recently, but have a few questions
regarding TCP SYN packets and ICMP packets.

Supposing I'm ACCEPTing on TCP ports 22, 25 and 80.
I am ACCEPTing all packets for these 3 ports.
I am ACCEPTing non-SYN for ports > 1023
I am DENYing for all other packets.

How should ICMP packets be filtered? I'm was blocking them all, but I was
getting a lot of traffic in my logs like:
kernel: Packet log: input DENY eth1 PROTO=1 x.y.z.82:3 L=56 S=0x00 I=25760 F=0x0000 T=243 (#27)
kernel: Packet log: input DENY eth1 PROTO=1 x.y.z.82:0 L=60 S=0x00 I=65280 F=0x0000 T=15 (#5)

I'm currently allowing ICMP to and from ports 0, 3 and 8. I'm just afraid
that I'm breaking a few RFCs doing this.


Is it a better idea to DENY or REJECT? What does Ye Olde RFC recommend?
Which is safer?


Brandon High                                     armitage@freaks.com
Stress is when you wake up screaming & you realize you haven't fallen
asleep yet.

Reply to: