Mailinglist Archive: opensuse-security (520 mails)

< Previous Next >
Re: [suse-security] PING when mail arrives
  • From: Hans Peter Wiedau <hpw-nl@xxxxxxxxxxxxx>
  • Date: Wed, 13 Dec 2000 11:53:00 +0100
  • Message-id: <20001213115300.A13193@xxxxxxxxxxxxxxxxxxxxxxxxxx>
On Wed, Dec 13, 2000 at 11:27:22AM +0100, Oliver Hensel wrote:
> Hi.
>
> I think you have it backwards here:
> Firewalls should _always_ be configured as default DENY (or DROP with
> NetFilter), then open up those you really need and want.
>
> Concerning ICMP, here is what I do with most of the firewalls I
> configured:
>
> Outbound:
> - echo-request (ping)
>
> Inbound:
> - echo-reply (pong)
> - fragmentation-needed (for pmtu-discovery)
> - source-quench (router is overloaded)
> - time-exceeded
> - parameter-problem

In addition I always accept destination-unreachable.

cu,

Hans Peter

< Previous Next >
References