Limiting closed port RST

Ivo Hazmuk ivo at vutbr.cz
Tue Feb 4 17:48:12 CET 2003

Previous message: Limiting closed port RST
Next message: Limiting closed port RST
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Ahoj,

> ipfw allow icmp from <specifikovanaip> to <mojeip>

mozna by to slo napsat trochu lepe:
ipfw allow icmp from <specifikovanaip> to me

> ipfw allow icmp from <mojeip> to <specifikovanaip>

ipfw allow icmp from me to <specifikovanaip>

> ipfw deny icmp from any to any icmptype 0,3,13,14,15,16

pozor toto zakaze fragmenty.

> 	Tato sekvence pravidel nezakazuje zdaleka vsechny typy ICMP. Vyslovne
> varuji, ze zakazat nektere ICMP bez dostatecne dobre znalosti toho, jak
> IP funguje je hrani si z ohnem. ICMP je integralni soucasti IP
> protokolu, vetsina zprav je dulezita pro jeho spravnou funkcnost a
> nektere jsou pro spravnou funkci primo esencialni. Firewall je vazna vec
> a tomu, kdo ho pouziva aniz by dostatecne rozumel tomu, jak funguje a
> jak ho uzivat muze byt vic ku problemum nez k uzitku. ICMP pakety
> rozhodne nepatri k tem, ktere lze bez dokladneho rozmysleni beztrestne
> blokovat.

Nelze nez souhlasit.

	Ivosh

Open-Source software isn't a matter of life or death...
...It's much more important than that!

Previous message: Limiting closed port RST
Next message: Limiting closed port RST
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Users-l mailing list