Great Circle Associates Firewalls
(June 1996)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: firewall rule for traceroute ?
From: Michel Lavondes <lavondes @ tidtest . total . fr>
Date: Fri, 07 Jun 1996 11:26:22 +0100
To: Jean-Christophe Touvet <jct @ edelweb . fr>
Cc: Kim <cgkim @ kotel . co . kr>, firewalls @ greatcircle . com
In-reply-to: Your message of "Fri, 07 Jun 1996 10:40:11 +0200."

In message <199606070840 .
 KAA18443 @
 champagne .
 edelweb .
 fr>, Jean-Christophe Touvet
 writes:
> > I'd like to permit traceroute internal to external and
> > block external to internal traceroute.
> > Any experiances ?
> 
>  Outbound:
> 
> 	permit udp >= 33434
> 
>  Inbound:
> 
> 	permit icmp unreachable
> 
You also should permit ICMP TTL expired inbound (unless it's an
unreachable - don't remember OTTOMH whether it is)

Michel Lavondes (lavondes @
 tidtest .
 total .
 fr)
#include <disclaimer.h>
Governments are guilty until proved innocent


Follow-Ups:
Indexed By Date Previous: RE: How to Connect WINS and DNS in NT 4.
From: axel . skough @ scb . se
Next: Virus scanning
From: Ian Johnstone-Bryden <ianj-b @ dial . pipex . com>
Indexed By Thread Previous: Re: firewall rule for traceroute ?
From: "Paul D. Robertson" <proberts @ clark . net>
Next: Re: firewall rule for traceroute ?
From: Jean-Christophe Touvet <jct @ edelweb . fr>

Google
 
Search Internet Search www.greatcircle.com