
Re: Packet filtering help

On Tue, Apr 10, 2001 at 09:59:52AM +1200, Simon Murcott wrote:

> One thing that I forgot to mention in my previous post is that it is vitally
> important that you block all ICMP traffic to/from your broadcast and network
> addresses. This stops you and machines you route from being broadcast
> amplifiers.

But you certainly don't need a firewall to do that.  See

It is also worth looking at /proc/sys/net/ipv4/icmp_echoreply_rate and
/proc/sys/net/ipv4/icmp_destunreach_rate to rate-limit the destination
unreachable and echo reply packets you'll send out.  Rate limiting those
ICMP types will further protect you from involvement in DoS attacks.


| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html 
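
Added example, not part of the original message: a small shell audit of the two rate-limit files named in the reply above, reporting whether each is present and set to a non-zero limit. The function name `audit_icmp_rates`, its optional directory argument, and the reading of a value of 0 as "limiting disabled" are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the two ICMP rate-limit knobs named in the message.
# The directory argument is a hypothetical override so the check can be
# run against a saved copy of /proc/sys/net/ipv4 instead of the live host.

# Prints one status line per knob and returns the number of knobs that
# are missing, unparseable, or not limiting.
audit_icmp_rates() {
    root="${1:-/proc/sys/net/ipv4}"
    findings=0
    for knob in icmp_echoreply_rate icmp_destunreach_rate; do
        path="$root/$knob"
        if [ ! -r "$path" ]; then
            # Not every kernel exposes these files.
            echo "MISSING  $knob (not exposed under $root)"
            findings=$((findings + 1))
            continue
        fi
        # First line only, with surrounding whitespace stripped.
        value=$(head -n 1 "$path" | tr -d '[:space:]')
        case "$value" in
            ''|*[!0-9]*)
                echo "UNPARSED $knob = '$value'"
                findings=$((findings + 1)) ;;
            0)
                # Assumption: 0 switches rate limiting off for this type.
                echo "OFF      $knob = 0"
                findings=$((findings + 1)) ;;
            *)
                echo "LIMITED  $knob = $value" ;;
        esac
    done
    return "$findings"
}
```

Call it with no argument to check the running system; a non-zero return status means at least one of the two knobs needs attention.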
