On Wed, Dec 19, 2001 at 02:36:27PM +0100, Leonard den Ottolander wrote:
> Hi,
>
> A friend for whom I build a RH 6.2 firewall found the following entry in his
> log:
> Dec 16 12:32:38 xxxxxxxx kernel: IP_MASQ:reverse ICMP: failed checksum from
> 213.145.187.145!
> Does anybody know what this person is trying to achieve? Should I block
> certain ICMP messages on this masquerading firewall? Which ICMP messages
> should I definitely allow to pass through the firewall? Any links to short
> introductions to ICMP? Thanx.

I allow incoming:

 $IPTABLES -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
 $IPTABLES -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT
 $IPTABLES -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT

then drop the rest. It would be interesting to hear other opinions...

#iptables -p icmp -h

Valid ICMP Types:
echo-reply (pong)
destination-unreachable
   network-unreachable
   host-unreachable
   protocol-unreachable
   port-unreachable
   fragmentation-needed
   source-route-failed
   network-unknown
   host-unknown
   network-prohibited
   host-prohibited
   TOS-network-unreachable
   TOS-host-unreachable
   communication-prohibited
   host-precedence-violation
   precedence-cutoff
source-quench
redirect
   network-redirect
   host-redirect
   TOS-network-redirect
   TOS-host-redirect
echo-request (ping)
router-advertisement
router-solicitation
time-exceeded (ttl-exceeded)
   ttl-zero-during-transit
   ttl-zero-during-reassembly
parameter-problem
   ip-header-bad
   required-option-missing
timestamp-request
timestamp-reply
address-mask-request
address-mask-reply

-- 
Hal Burgiss
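
An added example, not part of either poster's message: a small userspace model of the two checks this thread touches on, namely verifying an ICMP checksum (the condition the quoted log line reports as failed) and matching the ICMP type against the three types accepted in the reply. The function names and sample messages are constructed for illustration; the type numbers 0, 3 and 11 are the standard values for echo-reply, destination-unreachable and time-exceeded.

```python
import struct

# ICMP type numbers for the three types the reply accepts on INPUT.
ALLOWED_TYPES = {0: "echo-reply", 3: "destination-unreachable", 11: "time-exceeded"}


def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"          # pad odd-length input with a zero byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:           # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_icmp(icmp_type: int, code: int, rest: bytes) -> bytes:
    """Build an ICMP message: type, code, checksum, then the remaining bytes."""
    header = struct.pack("!BBH", icmp_type, code, 0)
    csum = internet_checksum(header + rest)
    return struct.pack("!BBH", icmp_type, code, csum) + rest


def classify(message: bytes) -> str:
    """Return 'malformed', 'bad-checksum', 'accept:<name>' or 'drop:type=<n>'."""
    if len(message) < 8:         # an ICMP header is at least 8 bytes
        return "malformed"
    # A valid message checksums to 0 when its checksum field is included.
    if internet_checksum(message) != 0:
        return "bad-checksum"
    icmp_type = message[0]
    if icmp_type in ALLOWED_TYPES:
        return "accept:" + ALLOWED_TYPES[icmp_type]
    return f"drop:type={icmp_type}"


if __name__ == "__main__":
    # Constructed sample messages (not captured traffic).
    reply = build_icmp(0, 0, b"\x12\x34\x00\x01" + b"payload")
    ping = build_icmp(8, 0, b"\x12\x34\x00\x01" + b"payload")
    damaged = reply[:-1] + bytes([reply[-1] ^ 0xFF])  # one byte altered
    for name, msg in [("echo-reply", reply), ("echo-request", ping), ("damaged", damaged)]:
        print(name, "->", classify(msg))
```

A message that fails the checksum is rejected before its type is looked at, so a damaged echo-reply is reported as bad-checksum rather than accepted.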