Unable to block ICMP

Dean Anderson dean at av8.com
Sun Apr 15 22:29:31 CEST 2007


On Sun, 15 Apr 2007, Ronald wrote:

> Well, what I actually wanted (which I probably explained wrong) is that 
> my ports that are not in use (closed) are being invisible (no ICMP 
> echo). That better?

ICMP echo is not a per-port operation.  I don't know what the site you
quote means by 'closed'.  Also, blocking all ICMP is never a really good
idea: (recently updated)

http://www.av8.net/ICMPTypes.txt

I agree with the other posters that you should block TCP and UDP
connections to all ports by default, and open only those that you trust
are exposable to the world, or better, just to whomever you have to
expose them to.

I suggest searching for instructions on how to do Linux firewalls, and
following them, rather than trying to roll your own rules by trial and
error.

		--Dean

-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000   
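
An added example, not part of the message above or of any netfilter documentation: a shell function that prints an iptables-restore ruleset applying the default-deny advice for TCP and UDP while filtering ICMP by type instead of blocking it outright. The function names, the sample port lists, and the choice to accept echo-request are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): print an iptables-restore
# ruleset with default-deny inbound TCP/UDP and ICMP filtered by type.

# True only for a decimal port number in 1..65535.
valid_port() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] 2>/dev/null && [ "$1" -le 65535 ] 2>/dev/null
}

# gen_ruleset "<tcp ports>" "<udp ports>"  (space-separated; sample values
# such as "22 80" are the operator's choice, not taken from the thread)
gen_ruleset() {
    tcp_ports=$1
    udp_ports=$2

    # Validate everything first so a typo never yields a partial ruleset.
    for p in $tcp_ports $udp_ports; do
        valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
    done

    echo "*filter"
    # Policy DROP: unmatched packets get no reply, so unused ports send
    # neither a TCP RST nor an ICMP port-unreachable.
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"

    # ICMP has types, not ports. Keep the error types that path-MTU
    # discovery and traceroute rely on; echo-request is a local choice.
    for t in destination-unreachable time-exceeded parameter-problem echo-request; do
        echo "-A INPUT -p icmp --icmp-type $t -j ACCEPT"
    done

    for p in $tcp_ports; do
        echo "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    for p in $udp_ports; do
        echo "-A INPUT -p udp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "COMMIT"
}

# Review the output, then load it as root:
#   gen_ruleset "22 80" "53" | iptables-restore
```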




