I've tightened my filtering rules recently, but have a few questions regarding TCP SYN packets and ICMP packets.
Supposing I'm ACCEPTing on TCP ports 22, 25 and 80. I am ACCEPTing all packets for these 3 ports. I am ACCEPTing non-SYN for ports > 1023. I am DENYing for all other packets.

How should ICMP packets be filtered? I was blocking them all, but I was getting a lot of traffic in my logs like:

kernel: Packet log: input DENY eth1 PROTO=1 216.242.53.162:3 x.y.z.82:3 L=56 S=0x00 I=25760 F=0x0000 T=243 (#27)
kernel: Packet log: input DENY eth1 PROTO=1 211.184.206.194:8 x.y.z.82:0 L=60 S=0x00 I=65280 F=0x0000 T=15 (#5)

I'm currently allowing ICMP to and from ports 0, 3 and 8. I'm just afraid that I'm breaking a few RFCs doing this.

Also... Is it a better idea to DENY or REJECT? What does Ye Olde RFC recommend? Which is safer?

-B

--
Brandon High [EMAIL PROTECTED]
Stress is when you wake up screaming & you realize you haven't fallen asleep yet.
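Added example, not part of the original message: a small decoder for "Packet log:" lines of the kind quoted above. It assumes that for PROTO=1 the two "port" slots in the log carry the ICMP type (source side) and ICMP code (destination side); the function and table names are made up for this example, and the type and code names are taken from RFC 792.

```python
import re

# ICMP type and code names from RFC 792 (subset).
ICMP_TYPES = {0: "echo-reply", 3: "destination-unreachable", 4: "source-quench",
              5: "redirect", 8: "echo-request", 11: "time-exceeded",
              12: "parameter-problem"}
UNREACH_CODES = {0: "net-unreachable", 1: "host-unreachable",
                 2: "protocol-unreachable", 3: "port-unreachable",
                 4: "fragmentation-needed"}

# Field layout as it appears in the log lines quoted in the post.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>\S+?):(?P<sport>\d+) (?P<dst>\S+?):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ipid>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)(?: \(#(?P<rule>\d+)\))?")

def decode(line):
    """Parse one packet log line; return a dict, or None if it does not match."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    rec = {"chain": m["chain"], "action": m["action"], "iface": m["iface"],
           "proto": int(m["proto"]), "src": m["src"], "dst": m["dst"],
           "ttl": int(m["ttl"]),
           "rule": int(m["rule"]) if m["rule"] else None}
    a, b = int(m["sport"]), int(m["dport"])
    if rec["proto"] == 1:
        # Assumption: for ICMP the "port" slots are type (a) and code (b).
        name = ICMP_TYPES.get(a, f"type-{a}")
        if a == 3:
            name += "/" + UNREACH_CODES.get(b, f"code-{b}")
        rec.update(icmp_type=a, icmp_code=b, icmp=name)
    else:
        rec.update(sport=a, dport=b)
    return rec

# The two log lines quoted in the post, plus one constructed non-matching line.
SAMPLE = [
    "kernel: Packet log: input DENY eth1 PROTO=1 216.242.53.162:3 x.y.z.82:3 "
    "L=56 S=0x00 I=25760 F=0x0000 T=243 (#27)",
    "kernel: Packet log: input DENY eth1 PROTO=1 211.184.206.194:8 x.y.z.82:0 "
    "L=60 S=0x00 I=65280 F=0x0000 T=15 (#5)",
    "kernel: eth1: link up",  # constructed: not a packet log line
]

if __name__ == "__main__":
    for line in SAMPLE:
        rec = decode(line)
        print(rec["src"], rec["action"], rec.get("icmp", rec["proto"])) if rec else print("unparsed:", line)
```

Read this way, the first quoted line is a port-unreachable error and the second is an echo request (ping).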