Firewalls: Allowing ICMP

Firewalls
(April 1997)

Indexed By Thread: [Previous] [Next]

Subject:	Allowing ICMP
From:	brian_stormont @ corfu . projo . com (Brian Stormont)
Date:	Thu, 10 Apr 1997 09:35:35 -0400
To:	firewalls @ greatcircle . com

What are people's thought on what ICMP traffic, if any, should be allowed 
through a firewall?  

Currently, I've been taking the very paranoid approach of blocking all 
incoming ICMP traffic, however I'm wondering whether this might be causing 
any network problems.  I recently noticed a very large number of type 3 
(sourcequench) and type 11 packets (time exceeded) destined for my web 
server which my firewall is currently blocking, and I was curious if it 
might be a good idea to let these through.

Any thoughts on how the different ICMP packets should be handled?


-brian

------------------------------
brian_stormont @
 corfu .
 projo .
 com

Indexed By Date	Previous:	Re: Apology From: "Chris Kostick" <christopher . t . kostick @ cpmx . saic . com>
Indexed By Date	Next:	ssh vs ssl From: Greg Dobrich <dobrich @ newscorp . com>
Indexed By Thread	Previous:	Re: An easy one From: Sean McPherson <sean @ ntr . net>
Indexed By Thread	Next:	ssh vs ssl From: Greg Dobrich <dobrich @ newscorp . com>