[LUNI] What do you think of this firewall ruleset? Any comments/improvements?
scott at thomasons.org
Tue Mar 26 20:07:05 CST 2002
...and finally, I would consider narrowing the universe of icmp
message types allowed. You can allow outbound pings w/o allowing
inbound pings, for example. You can also disallow many of the
various icmp types from the outside world. Check out
http://industrial-linux.org/mlug/2000-11-11/#ip2 for various types.
I'm a bit restrictive when it comes to icmp. I ignore all inbound
pings but I allow outbound pings; then I allow parameter-problem,
source-quench, and inbound destination-unreachable & time-exceeded.
The rest gets /dev/null'ed. I may be a tad anti-social with those
settings, but I haven't had any complaints about site inaccessibility
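
The policy in the message above, written out as an added example (not part of the original post): a script that prints the matching iptables commands so they can be reviewed before use. It assumes iptables with conntrack, which the post does not name, and a hypothetical external interface `eth0`; the inbound `echo-reply` rule is the piece that allowing outbound pings implies.

```shell
#!/bin/sh
# Added example, not from the original post. Prints iptables commands for
# the ICMP policy described above; nothing is applied to the running firewall.
# Assumptions: iptables with conntrack; external interface defaults to eth0.

# Inbound ICMP types the post lists as allowed.
INBOUND_OK="destination-unreachable time-exceeded parameter-problem source-quench"

emit_icmp_rules() {
    ext_if="${1:-eth0}"   # hypothetical interface name
    # The name is interpolated into commands, so refuse shell metacharacters.
    case "$ext_if" in
        ''|*[!A-Za-z0-9_.+-]*) echo "bad interface: $ext_if" >&2; return 1 ;;
    esac

    # One chain for inbound ICMP keeps the policy auditable in one place.
    echo "iptables -N ICMP_IN"
    echo "iptables -A INPUT -i $ext_if -p icmp -j ICMP_IN"

    # Outbound ping: let our echo-request leave ...
    echo "iptables -A OUTPUT -o $ext_if -p icmp --icmp-type echo-request -j ACCEPT"
    # ... and accept only the echo-reply that conntrack ties to it.
    echo "iptables -A ICMP_IN -p icmp --icmp-type echo-reply -m conntrack --ctstate ESTABLISHED -j ACCEPT"

    # Error and control messages the post lets in.
    for t in $INBOUND_OK; do
        echo "iptables -A ICMP_IN -p icmp --icmp-type $t -j ACCEPT"
    done

    # Everything else inbound, echo-request included, is dropped silently.
    echo "iptables -A ICMP_IN -j DROP"
}

# Print the rules only when asked (script name is hypothetical):
#   sh icmp-policy.sh --print eth0
if [ "${1:-}" = "--print" ]; then
    emit_icmp_rules "${2:-eth0}"
fi
```

Other outbound ICMP is left to the existing OUTPUT policy, since the post only speaks to outbound pings.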