On Wed, Dec 19, 2001 at 02:36:27PM +0100, Leonard den Ottolander wrote:
>               Hi,
> 
>  A friend for whom I build a RH 6.2 firewall found the following entry in his 
> log:
> Dec 16 12:32:38 xxxxxxxx kernel: IP_MASQ:reverse ICMP: failed checksum from 
> 213.145.187.145!
>  Does anybody know what this person is trying to achieve? Should I block 
> certain ICMP messages on this masquerading firewall? Which ICMP messages 
> should I definitely allow to pass through the firewall? Any links to short 
> introductions to ICMP? Thanx.

I allow incoming:

  $IPTABLES -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
  $IPTABLES -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT
  $IPTABLES -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
    
then drop the rest. It would be interesting to hear other opinions...
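As an added example (not Hal's script or anything from the list), here is a small POSIX sh script that builds the same three-rule ICMP policy and the catch-all drop, and also summarises the "failed checksum" log entries from the question. It assumes the iptables syntax used in the reply, that `$IPTABLES` names the binary, and a `DRY_RUN` switch (default on) that prints the commands instead of applying them, so the policy can be reviewed without root. The log lines at the bottom are constructed samples using documentation addresses.

```shell
#!/bin/sh
# Added example (not Hal's or the list's code): an ICMP policy for a
# masquerading firewall, following the three ACCEPT rules in the reply.
# Assumptions: the iptables syntax used in the reply; $IPTABLES names the
# binary; DRY_RUN=1 (default) prints the commands instead of applying them.

IPTABLES=${IPTABLES:-iptables}
DRY_RUN=${DRY_RUN:-1}

# ICMP types the reply accepts inbound: replies and error reports that
# belong to traffic the firewall or the masqueraded hosts originated.
# destination-unreachable includes fragmentation-needed, so Path MTU
# discovery keeps working behind the policy.
ICMP_ALLOW="destination-unreachable time-exceeded echo-reply"

# icmp_verdict TYPE: ACCEPT for a listed type, DROP for everything else
# (echo-request, redirect, source-quench, timestamp-request, ...).
icmp_verdict() {
    for t in $ICMP_ALLOW; do
        if [ "$1" = "$t" ]; then
            echo ACCEPT
            return 0
        fi
    done
    echo DROP
}

# run CMD ARGS...: print the command when DRY_RUN=1, otherwise execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# icmp_rules: emit the INPUT rules in the reply's order, then the catch-all
# DROP that implements "then drop the rest".
icmp_rules() {
    for t in $ICMP_ALLOW; do
        run "$IPTABLES" -A INPUT -p icmp --icmp-type "$t" -j ACCEPT
    done
    run "$IPTABLES" -A INPUT -p icmp -j DROP
}

# failed_checksum_sources: read kernel log lines on stdin and count the
# "IP_MASQ:reverse ICMP: failed checksum" entries per source address,
# most frequent first, to see whether one host keeps producing them.
failed_checksum_sources() {
    sed -n 's/.*IP_MASQ:reverse ICMP: failed checksum from \([0-9.]*\)!.*/\1/p' \
        | sort | uniq -c | sort -rn
}

# Constructed sample log lines in the format quoted in the question
# (documentation addresses, not real hosts).
SAMPLE_LOG='Dec 16 12:32:38 fw kernel: IP_MASQ:reverse ICMP: failed checksum from 203.0.113.7!
Dec 16 12:33:01 fw kernel: IP_MASQ:reverse ICMP: failed checksum from 203.0.113.7!
Dec 16 12:40:12 fw kernel: IP_MASQ:reverse ICMP: failed checksum from 198.51.100.9!'

# When executed directly: print (DRY_RUN=1) or apply (DRY_RUN=0, as root)
# the policy, then summarise the sample log.
icmp_rules
printf '%s\n' "$SAMPLE_LOG" | failed_checksum_sources
```

Run it as `sh icmp-policy.sh` to review the rules, or `DRY_RUN=0 sh icmp-policy.sh` as root to apply them. Note that this policy drops inbound echo-request, so the firewall itself will not answer pings from outside; if that is wanted, add an `echo-request` ACCEPT before the final DROP (optionally rate-limited with `-m limit`). Feeding `/var/log/messages` into `failed_checksum_sources` instead of the sample shows whether the checksum failures come from one persistent source or are scattered noise.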

#iptables -p icmp -h
Valid ICMP Types:
echo-reply (pong)
destination-unreachable
   network-unreachable
   host-unreachable
   protocol-unreachable
   port-unreachable
   fragmentation-needed
   source-route-failed
   network-unknown
   host-unknown
   network-prohibited
   host-prohibited
   TOS-network-unreachable
   TOS-host-unreachable
   communication-prohibited
   host-precedence-violation
   precedence-cutoff
source-quench
redirect
   network-redirect
   host-redirect
   TOS-network-redirect
   TOS-host-redirect
echo-request (ping)
router-advertisement
router-solicitation
time-exceeded (ttl-exceeded)
   ttl-zero-during-transit
   ttl-zero-during-reassembly
parameter-problem
   ip-header-bad
   required-option-missing
timestamp-request
timestamp-reply
address-mask-request
address-mask-reply

-- 
Hal Burgiss
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list