Date: Tue, 15 Jun 1999 16:56:49 +0200 From: Juergen Nickelsen <ni@tellique.de> To: sporkl@ix.netcom.com Cc: freebsd-security@FreeBSD.ORG Subject: Re: firewalls Message-ID: <376669B1.F7E6A746@tellique.de> References: <Pine.BSF.4.05.9906121112550.6023-100000@pigstuy.penguinpowered.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Spike wrote: > Which are appropriate to block? On my own firewall, I let pass the ICMP types 0 Echo Reply [RFC792] 3 Destination Unreachable [RFC792] 4 Source Quench [RFC792] 8 Echo [RFC792] 11 Time Exceeded [RFC792] 12 Parameter Problem [RFC792] 13 Timestamp [RFC792] 14 Timestamp Reply [RFC792] 15 Information Request [RFC792] 16 Information Reply [RFC792] 17 Address Mask Request [RFC950] 18 Address Mask Reply [RFC950] 30 Traceroute [RFC1393] 31 Datagram Conversion Error [RFC1475] (excerpted from RFC 1700) For completeness, these are the other types that are blocked: 1 Unassigned [JBP] 2 Unassigned [JBP] 5 Redirect [RFC792] 6 Alternate Host Address [JBP] 7 Unassigned [JBP] 9 Router Advertisement [RFC1256] 10 Router Selection [RFC1256] 19 Reserved (for Security) [Solo] 20-29 Reserved (for Robustness Experiment) [ZSu] 32 Mobile Host Redirect [David Johnson] 33 IPv6 Where-Are-You [Bill Simpson] 34 IPv6 I-Am-Here [Bill Simpson] 35 Mobile Registration Request [Bill Simpson] 36 Mobile Registration Reply [Bill Simpson] 37-255 Reserved [JBP] I am not *really* sure if this is all ok, and I would appreciate a more authoritative response. Greetings, Juergen. -- Juergen Nickelsen <ni@tellique.de> Tellique Kommunikationstechnik GmbH Gustav-Meyer-Allee 25, 13355 Berlin, Germany Tel. +49 30 46307-552 / Fax +49 30 46307-579 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?376669B1.F7E6A746>