From owner-freebsd-security  Sat Jun 12 10:44:42 1999
Delivered-To: freebsd-security@freebsd.org
Received: from ns.mt.sri.com (unknown [206.127.79.91])
	by hub.freebsd.org (Postfix) with ESMTP id E5C5414E84
	for <freebsd-security@FreeBSD.ORG>; Sat, 12 Jun 1999 10:44:40 -0700 (PDT)
	(envelope-from nate@mt.sri.com)
Received: from mt.sri.com (rocky.mt.sri.com [206.127.76.100])
	by ns.mt.sri.com (8.8.8/8.8.8) with SMTP id LAA11129;
	Sat, 12 Jun 1999 11:44:05 -0600 (MDT)
	(envelope-from nate@rocky.mt.sri.com)
Received: by mt.sri.com (SMI-8.6/SMI-SVR4)
	id LAA24411; Sat, 12 Jun 1999 11:44:04 -0600
Date: Sat, 12 Jun 1999 11:44:04 -0600
Message-Id: <199906121744.LAA24411@mt.sri.com>
From: Nate Williams <nate@mt.sri.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
To: sporkl@ix.netcom.com
Cc: Nate Williams <nate@mt.sri.com>,
	Pete Fritchman <petef@netreach.net>,
	Ruslan Ermilov <ru@ucb.crimea.ua>,
	"Jason L. Schwab" <jschwab@royal.net>, ghandi@mindless.com,
	freebsd-security@FreeBSD.ORG
Subject: Re: firewalls
In-Reply-To: <Pine.BSF.4.05.9906121112550.6023-100000@pigstuy.penguinpowered.com>
References: <199906120353.VAA23229@mt.sri.com>
	<Pine.BSF.4.05.9906121112550.6023-100000@pigstuy.penguinpowered.com>
X-Mailer: VM 6.34 under 19.16 "Lille" XEmacs Lucid
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> > [ blocking all ICMP packets ]
> > > I did it before and it worked fine.
> > 
> > It will affect people trying to connect to you though.  *DON'T* firewall
> > something unless you know the effects of it.  Blocking all ICMP is a
> > violation of RFC, and shows that you don't understand how TCP/IP works.
> > 
> > *MOST* of the ICMP types can be blocked, but not all of them.
> 
> Which are appropriate to block? 

There was a URL posted in the original response that explains most of
this.


Nate


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message