Hello lina, this is a rather strange name :)
lina <lina.lastn...@gmail.com> wrote:
> BTW, why need allow ping? from outside?
> 59 # Allow ping
> 60 -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
It doesn’t help to block ICMP echo requests:
- if you block them by dropping them, the other party knows that
you are (most likely) there, since otherwise the last-but-one hop
would return ‘No route to host’.
- if you block them by rejecting them, the other party knows that you
are there.
- if you accept them, the other party knows that you are there and is
able to link no replies to network problems (see first point).
While it is technically possible to block these requests for IPv4,
you should never block ICMPv6, since it is necessary to do SLAAC.
Best regards,
Claudius
--
A board is the planck unit of boredom.
http://chubig.net telnet nightfall.org 4242
signature.asc
Description: PGP signature
