Fri, 05 Jun 98 08:01:19 -0600
I knew I had seen this thread before. Searched my personal
archives and came across it in the Firewalls Digest (V6 #295, #299,
#304 and #305) under the thread titled "what ICMP should i allow
through?". Based on that discussion we modified our filter rules as
- echo (type 8/code 0)
- parameter-problem (12/[0|1])
- source-quench (4/0)
- ttl-exceeded (11/[0|1])
Deny all other inbound ICMP.
Outbound we allow all ICMP packets.
This complies with our policy of permit all outbound and deny all
inbound except what is specifically permitted. This list works *for
us* and does not seem to cause any connection problems (at least no
customer connectivity complaints).
If any of you spot any obvious problems with this please point them
John C. Smith
1 Magnum Pass
Mobile, AL 36618, USA
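
Added example, not part of the original message: a Python sketch that applies the inbound/outbound ICMP policy listed above to raw IPv4 packets, including ones with IP options, where the ICMP header does not start at byte 20. The function names, the sample addresses and the fail-closed handling of unreadable inbound ICMP are assumptions made for illustration.

```python
import struct

# Inbound allow list exactly as given in the post: ICMP type -> permitted codes.
INBOUND_ALLOW = {
    8: {0},       # echo
    12: {0, 1},   # parameter-problem
    4: {0},       # source-quench
    11: {0, 1},   # ttl-exceeded
}

def icmp_type_code(packet: bytes):
    """Return (type, code) of an IPv4 ICMP packet.

    Returns None when the ICMP header is not readable (truncated packet or
    non-first fragment); raises ValueError when the packet is not IPv4 ICMP.
    """
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 1:
        raise ValueError("not an IPv4 ICMP packet")
    ihl = (packet[0] & 0x0F) * 4          # header length; > 20 with IP options
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if ihl < 20 or frag_offset != 0 or len(packet) < ihl + 2:
        return None
    return packet[ihl], packet[ihl + 1]

def verdict(packet: bytes, direction: str) -> str:
    """Apply the policy: all outbound ICMP permitted, inbound by allow list."""
    type_code = icmp_type_code(packet)
    if direction == "out":
        return "permit"
    if type_code is None:
        return "deny"   # assumption: unreadable inbound ICMP fails closed
    icmp_type, code = type_code
    return "permit" if code in INBOUND_ALLOW.get(icmp_type, ()) else "deny"

def build(icmp_type: int, code: int, options: bytes = b"") -> bytes:
    """Constructed sample packet: IPv4 header (checksum zero) + ICMP header."""
    ihl = 5 + len(options) // 4
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + 8, 0, 0,
                     64, 1, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return ip + options + struct.pack("!BBHI", icmp_type, code, 0, 0)

if __name__ == "__main__":
    for t, c in [(8, 0), (0, 0), (3, 4), (11, 1), (12, 2)]:
        print(f"inbound type {t} code {c}: {verdict(build(t, c), 'in')}")
```

Types that do not appear in the list as printed, such as echo-reply (0) and destination-unreachable (3), fall through to the deny rule when inbound.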