From owner-freebsd-security  Mon Aug 21  1:28:43 2000
Delivered-To: freebsd-security@freebsd.org
Received: from ux1.ibb.net (ibb0005.ibb.uu.nl [131.211.124.5])
	by hub.freebsd.org (Postfix) with ESMTP id 3611737B42C
	for <freebsd-security@FreeBSD.ORG>; Mon, 21 Aug 2000 01:28:39 -0700 (PDT)
Received: from localhost (mipam@localhost)
	by ux1.ibb.net (8.9.3/8.9.3/UX1TT) with SMTP id KAA07314;
	Mon, 21 Aug 2000 10:28:20 +0200
Date: Mon, 21 Aug 2000 10:28:20 +0200 (MET DST)
From: Mipam <mipam@ibb.net>
To: William Wong <willwong@anime.ca>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: icmptypes
In-Reply-To: <004501c00b49$37be2420$0300a8c0@anime.ca>
Message-ID: <Pine.LNX.3.95.1000821102609.7312A-100000@ux1.ibb.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Sure sure....

Basically, you just wish to allow icmp requests and icmp reply's (type 8
and 0).
Deny the rest. Also make sure to deny any icmp fragmented packets.
For the rest what you wish to deny or allow is up to you :)
Bye,

Mipam.


On Mon, 21 Aug 2000, William Wong wrote:

> Hi there,
> 
> When building a firewall, is there any advantage to restricting allowed icmp
> types?
> And if there is, which icmptypes should be allowed in at the minimum?
> 
> - Will
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message