Great Circle Associates Firewalls
(June 1996)
 


Subject: Re: firewall rule for traceroute ?
From: Jean-Christophe Touvet <jct @ edelweb . fr>
Date: Fri, 07 Jun 1996 12:15:10 +0200
To: Michel Lavondes <lavondes @ tidtest . total . fr>
Cc: Kim <cgkim @ kotel . co . kr>, firewalls @ greatcircle . com
In-reply-to: <9606070926 . AA08367 @ tidtest . total . fr>

> > > I'd like to permit traceroute internal to external and
> > > block external to internal traceroute.
> > > Any experiences ?
> >
> >  Outbound:
> >
> >  permit udp >= 33434
> >
> >  Inbound:
> >
> >  permit icmp unreachable
> >
> You also should permit ICMP TTL expired inbound (unless it's an
> unreachable - don't remember OTTOMH whether it is)

 Oops, sorry, you're right (I forgot that it isn't an unreachable code).

 Inbound:

	permit icmp unreachable
	permit icmp time-exceeded


    -JCT-
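
Added example, not part of the original message: a small Python model of the stateless filter discussed above. It shows why the rule set without time-exceeded reveals only the final hop of an outbound trace, and that inbound UDP probes are dropped under either rule set. The packet model, function names and hop counts are constructed for illustration, and it assumes the UDP-probe traceroute the rules are written for.

```python
# Added illustration: a stateless filter modelled on the rules in the message
# above. All names, hop counts and packets are constructed for this sketch.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str          # "out" = internal -> external, "in" = external -> internal
    proto: str              # "udp" or "icmp"
    dport: int = 0          # UDP destination port
    icmp_type: str = ""     # "unreachable" or "time-exceeded"

# Outbound: permit udp >= 33434
OUTBOUND = [lambda p: p.proto == "udp" and p.dport >= 33434]
# Inbound as first posted: permit icmp unreachable
INBOUND_ORIGINAL = [lambda p: p.proto == "icmp" and p.icmp_type == "unreachable"]
# Inbound after the correction: also permit icmp time-exceeded
INBOUND_CORRECTED = INBOUND_ORIGINAL + [
    lambda p: p.proto == "icmp" and p.icmp_type == "time-exceeded"]

def permitted(pkt, inbound_rules):
    rules = OUTBOUND if pkt.direction == "out" else inbound_rules
    return any(rule(pkt) for rule in rules)   # implicit deny if nothing matches

def traceroute_out(hops, inbound_rules):
    """Trace from inside to a host `hops` hops away; '*' marks a hop with no visible reply."""
    seen = []
    for ttl in range(1, hops + 1):
        probe = Packet("out", "udp", dport=33434 + ttl - 1)
        # Routers short of the target answer time-exceeded; the target answers port unreachable.
        reply = Packet("in", "icmp",
                       icmp_type="time-exceeded" if ttl < hops else "unreachable")
        ok = permitted(probe, inbound_rules) and permitted(reply, inbound_rules)
        seen.append(f"hop{ttl}" if ok else "*")
    return seen

def traceroute_in(hops, inbound_rules):
    """Trace from outside toward an internal host: each probe crosses the filter inbound."""
    return [permitted(Packet("in", "udp", dport=33434 + i), inbound_rules)
            for i in range(hops)]

if __name__ == "__main__":
    print(traceroute_out(4, INBOUND_ORIGINAL))   # intermediate hops are lost
    print(traceroute_out(4, INBOUND_CORRECTED))  # every hop is visible
    print(traceroute_in(3, INBOUND_CORRECTED))   # inbound probes are all dropped
```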

