Posted on: 02/19/07 04:51pm
By: AA6QN
I was looking for what type of ICMP packet (which is used for trackback/ping-o-matic) that I need to configure at the firewall to allow into the DMZ (where the Geeklog server resides).
Currently using a pfSense firewall on a Soekris SBC which can parse the many ICMP attributes.
Thank you in advance, JohnF
Re: Configuring ICMP through a firewall?
Posted on: 02/20/07 08:42am
By: AA6QN
Here are the ICMP attributes inwhich I am working with:
Echo
Echo Reply
Destination Unreachable
Source Quench
Redirect
Alt Host
Router Advertisement
Router Solicitation
Time Exceeded
Invalid IP Header
Timestamp
Timestamp Reply
Information Request
Information Reply
Address Mask Request
Address Mask Reply
Re: Configuring ICMP through a firewall?
Posted on: 06/05/07 08:51am
By: Anonymous (Anonymous)
ICMP Attacks Mitigation
Most ICMP attacks can be effectively reduced by deploying Firewalls at critical locations of a network to filter un-wanted traffic and from iffy destinations. In addition, to keep a reasonable balance between services and security, you should configure your ICMP parameters in your network devices as follows:
* Allow ping ICMP Echo-Request outbound and Echo-Reply messages inbound.
* Allow traceroute TTL-Exceeded and Port-Unreachable messages inbound.
* Allow path MTU ICMP Fragmentation-DF-Set messages inbound.
* Blocking other types of ICMP traffic