
Re: blocking icmp...



On Sun, May 25, 2003 at 09:56:07PM +0800, Hanz wrote:
>In setting up a firewall will there be any negative side effects if I block
>icmp?
>Are there any services that depend on this? In my setup I'll be running mail
>and web server in a DMZ.

You don't want to block all types of icmp packets. You probably should
block the following types: 5 9 10 15 16 17 18. If you don't want your
firewall to be pinged, add type 8 to that list. Here is a list of the
various icmp types. For more info, apt-get install doc-iana.



Type    Name                                    Reference
----    -------------------------               ---------
  0     Echo Reply                               [RFC792]
  1     Unassigned                                  [JBP]
  2     Unassigned                                  [JBP]
  3     Destination Unreachable                  [RFC792]
  4     Source Quench                            [RFC792]
  5     Redirect                                 [RFC792]
  6     Alternate Host Address                      [JBP]
  7     Unassigned                                  [JBP]
  8     Echo                                     [RFC792]
  9     Router Advertisement                    [RFC1256]
 10     Router Solicitation                     [RFC1256]
 11     Time Exceeded                            [RFC792]
 12     Parameter Problem                        [RFC792]
 13     Timestamp                                [RFC792]
 14     Timestamp Reply                          [RFC792]
 15     Information Request                      [RFC792]
 16     Information Reply                        [RFC792]
 17     Address Mask Request                     [RFC950]
 18     Address Mask Reply                       [RFC950]
 19     Reserved (for Security)                    [Solo]
 20-29  Reserved (for Robustness Experiment)        [ZSu]
 30     Traceroute                              [RFC1393]
 31     Datagram Conversion Error               [RFC1475]
 32     Mobile Host Redirect              [David Johnson]
 33     IPv6 Where-Are-You                 [Bill Simpson]
 34     IPv6 I-Am-Here                     [Bill Simpson]
 35     Mobile Registration Request        [Bill Simpson]
 36     Mobile Registration Reply          [Bill Simpson]
 37     Domain Name Request                     [Simpson]
 38     Domain Name Reply                       [Simpson]
 39     SKIP                                    [Markson]
 40     Photuris                                [Simpson]
 41-255 Reserved                                    [JBP]


-- 
Peter Hicks
GnuPG public key: http://jah.net/~petong/public_key.txt
Key Fingerprint: 4E24 3C78 A165 537C 729C  8D25 3547 3CE9 9E7D 42B6
Things will be bright in P.M. A cop will shine a light in your face.
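
Added example, not part of the original message: a shell function that prints iptables rules dropping the ICMP types listed in the reply, with type 8 added on request. The use of iptables and the INPUT/FORWARD chain names are assumptions; the post names no firewall tool.

```shell
#!/bin/sh
# Added example: print iptables rules for the ICMP type list in the reply.
# Assumptions (not from the post): iptables is the firewall in use, INPUT
# filters traffic to the firewall host and FORWARD filters DMZ traffic.

# ICMP types the reply suggests blocking.
BLOCKED_TYPES="5 9 10 15 16 17 18"

# icmp_drop_rules CHAIN [noping]
# Prints one DROP rule per blocked type for CHAIN. With "noping" as the
# second argument, type 8 (Echo) is added, as the reply suggests for a
# firewall that should not answer pings.
icmp_drop_rules() {
    chain=$1
    types=$BLOCKED_TYPES
    if [ "${2:-}" = "noping" ]; then
        types="$types 8"
    fi
    for t in $types; do
        # Guard against a typo in the list: ICMP types are numbers 0-255.
        case $t in
            ''|*[!0-9]*) echo "bad ICMP type: $t" >&2; return 1 ;;
        esac
        if [ "$t" -gt 255 ]; then
            echo "bad ICMP type: $t" >&2
            return 1
        fi
        echo "iptables -A $chain -p icmp --icmp-type $t -j DROP"
    done
    # Types not on the list (0, 3, 11, 12, ...) are left to the rest of the
    # ruleset. Type 3 (Destination Unreachable) carries the
    # fragmentation-needed messages that path MTU discovery relies on, which
    # matters for the mail and web servers in the DMZ.
}

# Firewall host itself: the list plus type 8. Forwarded traffic: list only.
icmp_drop_rules INPUT noping
icmp_drop_rules FORWARD
```

The script only prints the commands; review the output and run it as root to apply the rules.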


