From owner-freebsd-security Sat Jun 12 8:18: 1 1999 Delivered-To: freebsd-security@freebsd.org Received: from dfw-ix10.ix.netcom.com (dfw-ix10.ix.netcom.com [206.214.98.10]) by hub.freebsd.org (Postfix) with ESMTP id 1B95514DF9 for ; Sat, 12 Jun 1999 08:17:55 -0700 (PDT) (envelope-from spork@narcissus.net) Received: (from smap@localhost) by dfw-ix10.ix.netcom.com (8.8.4/8.8.4) id KAA09093; Sat, 12 Jun 1999 10:13:50 -0500 (CDT) Received: from nyc-ny68-21.ix.netcom.com(209.109.225.213) by dfw-ix10.ix.netcom.com via smap (V1.3) id rma008972; Sat Jun 12 10:13:19 1999 Date: Sat, 12 Jun 1999 11:13:03 -0400 (EDT) From: Spike X-Sender: spork@pigstuy.penguinpowered.com Reply-To: sporkl@ix.netcom.com To: Nate Williams Cc: Pete Fritchman , Ruslan Ermilov , "Jason L. Schwab" , ghandi@mindless.com, freebsd-security@FreeBSD.ORG Subject: Re: firewalls In-Reply-To: <199906120353.VAA23229@mt.sri.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, 11 Jun 1999, Nate Williams wrote: > [ blocking all ICMP packets ] > > I did it before and it worked fine. > > It will affect people trying to connect to you though. *DON'T* firewall > something unless you know the effects of it. Blocking all ICMP is a > violation of RFC, and shows that you don't understand how TCP/IP works. > > *MOST* of the ICMP types can be blocked, but not all of them. Which are appropriate to block? > > > > Nate > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > > -Spike Gronim sporkl@ix.netcom.com Finger gronimw@shell.stuy.edu for PGP public key. The majority only rules those who let them. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message