At 00:28 3/2/95, mulligan @ incog . com wrote:
>> >A related question is, should your firewall send back anything at all or
>> >should you leave the sender wondering what happened to his nastygrams?
>>
>> I don't think the filtering router should send back ICMP messages in
>> response to packets dropped by filtering.
>>
>
>I disagree. I think that this should be configurable. If for some
>reason you want to send icmp's on a per rule/port/service and per
>interface basis, you should be able. In addition, you should be able to
>set the type of unreachable message that you send.

I meant that filtering routers shouldn't AUTOMATICALLY send back ICMP
messages for blocked packets, as some do. A configurable option
(particularly if it's settable on a per-rule basis) would definitely be a
good thing.
-Brent
--
== For info about the Internet Security Firewalls Tutorial and a schedule ==
== of upcoming dates, please send email to Tutorial-Info @ GreatCircle . COM ==
==============================================================================
== Brent Chapman Great Circle Associates ==
== Brent @ GreatCircle . COM 1057 West Dana Street ==
== +1 415 962 0841 Mountain View, CA 94041 ==
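
The per-rule, per-interface choice discussed in this thread, as an added example that is not part of the original message: a Linux iptables-restore ruleset (not the filtering routers the posters had in mind) where each blocking rule decides whether to stay silent or answer, and with which unreachable type. The interface names eth0 (outside) and eth1 (inside) and the chosen ports are assumptions.

```iptables
# Added example. Assumed interfaces: eth0 = outside, eth1 = inside.
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]

# Replies belonging to connections that were already permitted.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Permitted service: inside hosts may open outbound SMTP.
-A FORWARD -i eth1 -o eth0 -p tcp --dport 25 -j ACCEPT

# Outside interface, telnet: dropped silently, nothing is sent back.
-A FORWARD -i eth0 -p tcp --dport 23 -j DROP

# Outside interface, ident: answered with a TCP reset so remote
# mail servers doing ident lookups do not wait for a timeout.
-A FORWARD -i eth0 -p tcp --dport 113 -j REJECT --reject-with tcp-reset

# Inside interface, TFTP: answered with ICMP port unreachable.
-A FORWARD -i eth1 -p udp --dport 69 -j REJECT --reject-with icmp-port-unreachable

# Inside interface, everything else: answered with ICMP
# "administratively prohibited" so internal users see a policy block.
-A FORWARD -i eth1 -j REJECT --reject-with icmp-admin-prohibited

# Anything still unmatched hits the chain policy (DROP): no ICMP at all.
COMMIT
```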