Geeklog Forums
Configuring ICMP through a firewall?
AA6QN
I was looking for what type of ICMP packet (which is used for trackback/ping-o-matic) that I need to configure at the firewall to allow into the DMZ (where the Geeklog server resides).
Currently using a pfSense firewall on a Soekris SBC which can parse the many ICMP attributes.
Thank you in advance, JohnF
AA6QN
Here are the ICMP attributes which I am working with:
Echo
Echo Reply
Destination Unreachable
Source Quench
Redirect
Alt Host
Router Advertisement
Router Solicitation
Time Exceeded
Invalid IP Header
Timestamp
Timestamp Reply
Information Request
Information Reply
Address Mask Request
Address Mask Reply
Anonymous
ICMP Attacks Mitigation
Most ICMP attacks can be effectively reduced by deploying firewalls at critical locations of a network to filter unwanted traffic and traffic from iffy destinations. In addition, to keep a reasonable balance between services and security, you should configure your ICMP parameters in your network devices as follows:
* Allow ping ICMP Echo-Request outbound and Echo-Reply messages inbound.
* Allow traceroute TTL-Exceeded and Port-Unreachable messages inbound.
* Allow path MTU ICMP Fragmentation-DF-Set messages inbound.
* Block other types of ICMP traffic.
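The filtering policy from the post above, written out as a small checker over raw ICMP messages (an added example, not code from the thread or from pfSense). It maps the ICMP type names listed earlier in the thread to their IANA type numbers; the function names, the `in`/`out` direction labels and the restriction of Time Exceeded to code 0 are assumptions of this example.

```python
import struct

# IANA ICMPv4 type numbers for the pfSense type names listed in the thread.
ICMP_TYPES = {
    "Echo Reply": 0, "Destination Unreachable": 3, "Source Quench": 4,
    "Redirect": 5, "Alt Host": 6, "Echo": 8, "Router Advertisement": 9,
    "Router Solicitation": 10, "Time Exceeded": 11, "Invalid IP Header": 12,
    "Timestamp": 13, "Timestamp Reply": 14, "Information Request": 15,
    "Information Reply": 16, "Address Mask Request": 17, "Address Mask Reply": 18,
}
# (direction, type) -> permitted codes. Limiting Time Exceeded to code 0 (TTL
# exceeded in transit) is this example's reading of "TTL-Exceeded".
ALLOW = {
    ("out", 8): {0},    # ping: Echo request outbound
    ("in", 0): {0},     # ping: Echo reply inbound
    ("in", 11): {0},    # traceroute: TTL exceeded
    ("in", 3): {3, 4},  # port unreachable; fragmentation needed and DF set
}

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; 0 over a message with a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build(icmp_type: int, code: int, rest: bytes = b"\x00" * 4) -> bytes:
    """Construct a sample ICMP message (header only) for exercising decide()."""
    body = struct.pack("!BBH", icmp_type, code, 0) + rest
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

def decide(direction: str, msg: bytes) -> str:
    """Return 'pass' or 'block' for a raw ICMP message (no IP header)."""
    if len(msg) < 8 or inet_checksum(msg) != 0:
        return "block"  # truncated or corrupted message
    codes = ALLOW.get((direction, msg[0]))
    return "pass" if codes is not None and msg[1] in codes else "block"

def inbound_types() -> dict:
    """pfSense type names the policy admits inbound, with permitted codes."""
    names = {num: name for name, num in ICMP_TYPES.items()}
    return {names[t]: sorted(c) for (d, t), c in ALLOW.items() if d == "in"}

if __name__ == "__main__":
    for name, codes in inbound_types().items():
        print(f"inbound {name}: codes {codes}")
```

Trackback and Ping-O-Matic notifications are HTTP requests rather than ICMP messages, so these rules do not govern them.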