I've tightened my filtering rules recently, but have a few questions
regarding TCP SYN packets and ICMP packets.
Supposing I'm ACCEPTing on TCP ports 22, 25 and 80.
I am ACCEPTing all packets for these 3 ports.
I am ACCEPTing non-SYN for ports > 1023
I am DENYing for all other packets.
How should ICMP packets be filtered? I was blocking them all, but I was
getting a lot of traffic in my logs like:
kernel: Packet log: input DENY eth1 PROTO=1 216.242.53.162:3 x.y.z.82:3 L=56 S=0x00 I=25760 F=0x0000 T=243 (#27)
kernel: Packet log: input DENY eth1 PROTO=1 211.184.206.194:8 x.y.z.82:0 L=60 S=0x00 I=65280 F=0x0000 T=15 (#5)
I'm currently allowing ICMP to and from ports 0, 3 and 8. I'm just afraid
that I'm breaking a few RFCs doing this.
Also...
Is it a better idea to DENY or REJECT? What does Ye Olde RFC recommend?
Which is safer?
-B
--
Brandon High [EMAIL PROTECTED]
Stress is when you wake up screaming & you realize you haven't fallen
asleep yet.
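Added example, not part of the original message: a small decoder for the log entries quoted above, so denied ICMP can be tallied by message kind before deciding what to filter. It assumes the ipchains log layout in which, for PROTO=1, the two "port" fields carry the ICMP type and code; the names are a subset of the IANA ICMP registry, and decode/tally are hypothetical helper names.

```python
import re
from collections import Counter

# Subset of the IANA ICMP parameters registry.
ICMP_TYPES = {0: "echo-reply", 3: "destination-unreachable", 4: "source-quench",
              5: "redirect", 8: "echo-request", 11: "time-exceeded",
              12: "parameter-problem"}
UNREACH_CODES = {0: "net-unreachable", 1: "host-unreachable",
                 2: "protocol-unreachable", 3: "port-unreachable",
                 4: "fragmentation-needed"}

# Assumed ipchains layout; \s+ before I= tolerates entries wrapped by a mailer.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[^\s:]+):(?P<sport>\d+) (?P<dst>[^\s:]+):(?P<dport>\d+) "
    r"L=(?P<len>\d+) S=\S+\s+I=\d+ F=\S+ T=(?P<ttl>\d+)(?: \S+)* \(#(?P<rule>\d+)\)")

def decode(text):
    """Return one dict per ICMP entry in text; TCP/UDP entries are skipped."""
    out = []
    for m in LOG_RE.finditer(text):
        if m["proto"] != "1":
            continue  # for other protocols the fields are real port numbers
        icmp_type, code = int(m["sport"]), int(m["dport"])
        name = ICMP_TYPES.get(icmp_type, f"type-{icmp_type}")
        if icmp_type == 3:
            name += "/" + UNREACH_CODES.get(code, f"code-{code}")
        out.append({"action": m["action"], "src": m["src"], "type": icmp_type,
                    "code": code, "name": name, "rule": int(m["rule"])})
    return out

def tally(entries):
    """Count entries per (action, ICMP message name)."""
    return Counter((e["action"], e["name"]) for e in entries)

# The two entries from the message, in their mail-wrapped form.
SAMPLE = """\
kernel: Packet log: input DENY eth1 PROTO=1 216.242.53.162:3 x.y.z.82:3 L=56 S=0x00
I=25760 F=0x0000 T=243 (#27)
kernel: Packet log: input DENY eth1 PROTO=1 211.184.206.194:8 x.y.z.82:0 L=60 S=0x00
I=65280 F=0x0000 T=15 (#5)
"""

if __name__ == "__main__":
    for (action, name), n in tally(decode(SAMPLE)).items():
        print(f"{n:4d} {action:6s} {name}")
```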