26 Feb
2016
26 Feb
'16
5:04 a.m.
On Thu, 2016-02-25 at 07:19 +0000, James Hogarth wrote:
Well if you really want to call it a problem... Blocking ICMP via a host based firewall remains pretty silly.
On all servers I used IPtables to block (DROP) all incoming ICMPs except:-
type 0 state RELATED,ESTABLISHED type 3 state RELATED,ESTABLISHED type 8 state NEW,RELATED,ESTABLISHED type 11 state RELATED,ESTABLISHED
All outgoing ICMPs are blocked except for:-
type 0 state RELATED,ESTABLISHED type 8 state NEW,RELATED,ESTABLISHED
Am I silly too ;-)
--
Regards,
Paul.
England, EU. England's place is in the European Union.