Why ICMP? Im curious what inherent risk that would present.
I too am setting up a screening firewall, but I want to allow pings to
traverse the external router. (any advice on how to filter all ICMP
>From: Ricardo Alvarado[SMTP:ralvarado @
>Sent: Friday, January 03, 1997 10:20 AM
>To: firewalls @
>Subject: Re: internal filtering router - filter config?
>>What type of things would you filter on the internal router? or even
>>the external router? I am going to be installing a firewall real soon
>>and would really appreciate any help.
>In your external router you'd block any ICMP traffic going back and
>forth, as well as any packets bearing one of your internal IP addresses,
>as a source address, especially if these are going INTO your protected
>network. Also, kill telnets, fingers, snmp and snmp trap. Actually, kill
>any ports that your users will not be using, andl leave just mail, web,