Welcome to Geeklog, Anonymous Monday, October 03 2022 @ 03:01 pm EDT

Geeklog Forums

Configuring ICMP through a firewall?


Status: offline

AA6QN

Forum User
Junior
Registered: 12/30/06
Posts: 16
I was looking for what type of ICMP packet (which is used for trackback/ping-o-matic) that I need to configure at the firewall to allow into the DMZ (where the Geeklog server resides).

Currently using a pfSense firewall on a Soekris SBC which can parse the many ICMP attributes.

Thank you in advance, JohnF
 Quote

Status: offline

AA6QN

Forum User
Junior
Registered: 12/30/06
Posts: 16
Here are the ICMP attributes inwhich I am working with:

Echo
Echo Reply
Destination Unreachable
Source Quench
Redirect
Alt Host
Router Advertisement
Router Solicitation
Time Exceeded
Invalid IP Header
Timestamp
Timestamp Reply
Information Request
Information Reply
Address Mask Request
Address Mask Reply
 Quote

Anonymous

Anonymous
ICMP Attacks Mitigation

Most ICMP attacks can be effectively reduced by deploying Firewalls at critical locations of a network to filter un-wanted traffic and from iffy destinations. In addition, to keep a reasonable balance between services and security, you should configure your ICMP parameters in your network devices as follows:

* Allow ping ICMP Echo-Request outbound and Echo-Reply messages inbound.
* Allow traceroute TTL-Exceeded and Port-Unreachable messages inbound.
* Allow path MTU ICMP Fragmentation-DF-Set messages inbound.
* Blocking other types of ICMP traffic
 Quote

All times are EDT. The time is now 03:01 pm.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content