Re: Packet filtering help

To: debian-security@lists.debian.org
Subject: Re: Packet filtering help
From: Simon Murcott <simon@murcott.net>
Date: Tue, 10 Apr 2001 10:56:30 +1200 (NZST)
Message-id: <986856990.3ad23e1e48fcd@www.murcott.net>
In-reply-to: <20010409180819.C28745@morgul.net>
References: <Pine.LNX.4.21.0104091204330.5024-100000@schitzo.freaks.com> <986853592.3ad230d8a0373@www.murcott.net> <20010409180819.C28745@morgul.net>

Quoting &lt;&gt;:

> On Tue, Apr 10, 2001 at 09:59:52AM +1200, Simon Murcott wrote:
> 
> > One thing that I forgot to mention in my previous post is that it is
> vitally
> > important that you block all ICMP traffic to/from your broadcast and
> network
> > addresses. This stops you and machines you route from being broadcast
> > amplifiers.
> 
> But you certainly don't need a firewall to do that.  See
> /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

Yes the kernel does have this feature but it protects the host only. It is best
to have both in use because it is better to have multiple layers of protection
rather than one ;)

Adding a tightly configured firewall does not make you secure but it does give
you a layer of protection. Adding extra host based security as well will give
you yet another layer of security.

While this is not complete security it certainly brings one closer to the great
security panacea :p

Regards

Simon Murcott
e. simon@murcott.net
m. +6421 304555

Reply to:

References:
- Packet filtering help
  - From: Brandon High <armitage@freaks.com>
- Re: Packet filtering help
  - From: Simon Murcott <simon@murcott.net>
- Re: Packet filtering help
  - From: <list@lists.debian.org>

Prev by Date: Re: Packet filtering help
Next by Date: Re: Packet filtering help
Previous by thread: Re: Packet filtering help
Next by thread: IPChains help
Index(es):
- Date
- Thread