[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Packet filtering help

Quoting <>:

> On Tue, Apr 10, 2001 at 09:59:52AM +1200, Simon Murcott wrote:
> > One thing that I forgot to mention in my previous post is that it is
> vitally
> > important that you block all ICMP traffic to/from your broadcast and
> network
> > addresses. This stops you and machines you route from being broadcast
> > amplifiers.
> But you certainly don't need a firewall to do that.  See
> /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

Yes the kernel does have this feature but it protects the host only. It is best
to have both in use because it is better to have multiple layers of protection
rather than one ;)

Adding a tightly configured firewall does not make you secure but it does give
you a layer of protection. Adding extra host based security as well will give
you yet another layer of security.

While this is not complete security it certainly brings one closer to the great
security panacea :p


Simon Murcott
e. simon@murcott.net
m. +6421 304555

Reply to: