Re: blocking icmp...
On Sun, May 25, 2003 at 09:56:07PM +0800, Hanz wrote:
>In setting up a firewall will there be any negative side effects if i block
>icmp?
>Are there any services that depends on this? In my setup ill be running mail
>and
>web server in a DMZ.
>
>
>
You don't want to block all types of icmp packets. You probably should
block the following types: 5 9 10 15 16 17 18. If you don't want your
firewall to be pinged, add type 8 to that list. Here is a list of the
various icmp types. For more info, apt-get install doc-iana.
Type Name Reference
---- ------------------------- ---------
0 Echo Reply [RFC792]
1 Unassigned [JBP]
2 Unassigned [JBP]
3 Destination Unreachable [RFC792]
4 Source Quench [RFC792]
5 Redirect [RFC792]
6 Alternate Host Address [JBP]
7 Unassigned [JBP]
8 Echo [RFC792]
9 Router Advertisement [RFC1256]
10 Router Solicitation [RFC1256]
11 Time Exceeded [RFC792]
12 Parameter Problem [RFC792]
13 Timestamp [RFC792]
14 Timestamp Reply [RFC792]
15 Information Request [RFC792]
16 Information Reply [RFC792]
17 Address Mask Request [RFC950]
18 Address Mask Reply [RFC950]
19 Reserved (for Security) [Solo]
20-29 Reserved (for Robustness Experiment) [ZSu]
30 Traceroute [RFC1393]
31 Datagram Conversion Error [RFC1475]
32 Mobile Host Redirect [David Johnson]
33 IPv6 Where-Are-You [Bill Simpson]
34 IPv6 I-Am-Here [Bill Simpson]
35 Mobile Registration Request [Bill Simpson]
36 Mobile Registration Reply [Bill Simpson]
37 Domain Name Request [Simpson]
38 Domain Name Reply [Simpson]
39 SKIP [Markson]
40 Photuris [Simpson]
41-255 Reserved [JBP]
--
Peter Hicks
GnuPG public key: http://jah.net/~petong/public_key.txt
Key Fingerprint: 4E24 3C78 A165 537C 729C 8D25 3547 3CE9 9E7D 42B6
Things will be bright in P.M. A cop will shine a light in your face.
Reply to: