Unable to block ICMP
Dean Anderson
dean at av8.com
Sun Apr 15 22:29:31 CEST 2007
On Sun, 15 Apr 2007, Ronald wrote:
> Well, what I actually wanted (which I probably explained wrong) is that
> my ports that are not in use (closed) are being invisible (no ICMP
> echo). That better?
ICMP echo is not a per-port operation. I don't know what the site you
quote means by 'closed'. Also, blocking all ICMP is never a really good
idea: (recently updated)
http://www.av8.net/ICMPTypes.txt
I agree with the other posters': that you should block TCP and UDP
connections to all ports by default, and open only those that you trust
are exposable to the world, or better, just to whomever you have to
expose them to.
I suggest searching for instructions on how to do linux firewalls, and
following them, rather than trying to roll your own rules by trial and
error.
--Dean
--
Av8 Internet Prepared to pay a premium for better service?
www.av8.net faster, more reliable, better service
617 344 9000
More information about the netfilter
mailing list