Geeklog Forums

Configuring ICMP through a firewall?

Forum User
Registered: 12/30/06
Posts: 16
I was looking for what type of ICMP packet (which is used for trackback/ping-o-matic) I need to configure at the firewall to allow into the DMZ (where the Geeklog server resides).

Currently using a pfSense firewall on a Soekris SBC which can parse the many ICMP attributes.

Thank you in advance, JohnF

Forum User
Registered: 12/30/06
Posts: 16
Here are the ICMP attributes which I am working with:

Echo Reply
Destination Unreachable
Source Quench
Alt Host
Router Advertisement
Router Solicitation
Time Exceeded
Invalid IP Header
Timestamp Reply
Information Request
Information Reply
Address Mask Request
Address Mask Reply


ICMP Attacks Mitigation

Most ICMP attacks can be effectively reduced by deploying firewalls at critical locations of a network to filter unwanted traffic and traffic from iffy destinations. In addition, to keep a reasonable balance between services and security, you should configure your ICMP parameters in your network devices as follows:

* Allow ping ICMP Echo-Request outbound and Echo-Reply messages inbound.
* Allow traceroute TTL-Exceeded and Port-Unreachable messages inbound.
* Allow path MTU ICMP Fragmentation-DF-Set messages inbound.
* Block other types of ICMP traffic.
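
The allow-list in the post above, written as a stateless check over raw ICMPv4 messages (an added example, not part of the original post and not pfSense configuration). The function names, the `ALLOWED` table and the messages produced by `build` are constructed for illustration; the type and code numbers follow RFC 792 and RFC 1191.

```python
import struct

# ICMPv4 (type, code) pairs the list above permits, keyed by direction.
# Everything not listed here is blocked (the list's last item).
ALLOWED = {
    "outbound": {(8, 0): "echo-request"},
    "inbound": {
        (0, 0): "echo-reply",
        (11, 0): "ttl-exceeded",                # traceroute
        (3, 3): "port-unreachable",             # traceroute with UDP probes
        (3, 4): "fragmentation-needed-df-set",  # path MTU discovery
    },
}

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over an ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def decide(direction: str, icmp: bytes) -> tuple[str, str]:
    """Return (verdict, reason) for one raw ICMP message (IP header stripped)."""
    if len(icmp) < 8:                 # type, code, checksum, 4 bytes of header
        return "block", "truncated"
    if checksum(icmp) != 0:           # a valid message sums to zero
        return "block", "bad-checksum"
    icmp_type, code = icmp[0], icmp[1]
    name = ALLOWED.get(direction, {}).get((icmp_type, code))
    return ("allow", name) if name else ("block", f"type {icmp_type} code {code}")

def build(icmp_type: int, code: int, rest: bytes = b"\x00" * 4) -> bytes:
    """Construct a sample ICMP message with a valid checksum (test data only)."""
    msg = bytes([icmp_type, code, 0, 0]) + rest
    return msg[:2] + struct.pack("!H", checksum(msg)) + msg[4:]

if __name__ == "__main__":
    # Constructed samples: source quench (type 4) is on the poster's list
    # but not on the allow-list, so it falls through to "block".
    for direction, t, c in [("outbound", 8, 0), ("inbound", 0, 0),
                            ("inbound", 3, 4), ("inbound", 4, 0)]:
        print(direction, t, c, decide(direction, build(t, c)))
```

A stateful firewall additionally ties each inbound reply or error to an outbound flow it has seen; this check only shows which type and code combinations the list lets through.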
