On Tue, Oct 16, 2001 at 11:13:14AM -0500, David Dyer-Bennet wrote:
> When constructing my rulesets, I wasn't sure what icmp messages I
> wanted to allow in. I ended up settling for allowing all icmp in,
> based on some of the things I saw in the logs when I was more
> selective.
>
> Are the various "unreachable" and "redirect" messages not useful? And
> are they particularly risky to allow through?

You can allow most, but you should disable "source-quench" and other
questionable use ones. Look at the IP-Tables and IP-Chains HOWTOs on
http://www.linuxdoc.org or your documentation in
/usr/share/doc/<package>.

--
Chad Walstrom <chewie at wookimus.net> | a.k.a. ^chewie
http://www.wookimus.net/ | s.k.a. gunnarr
Key fingerprint = B4AB D627 9CBD 687E 7A31 1950 0CC7 0B18 206C 5AFD
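An added example, not part of the original message: a small shell function that prints an inbound ICMP policy for iptables along the lines of the reply above, dropping source-quench, accepting the error messages that connections rely on, and logging whatever is left so the selective ruleset can be tuned from the logs. Assumptions of this example: the chain defaults to INPUT, and the choice of which types besides source-quench count as "questionable" (redirect, timestamp-request, address-mask-request) is this example's, not the poster's.

```shell
#!/bin/sh
# Prints iptables commands for review; it does not modify the firewall itself.

# Types dropped outright. Only source-quench is named in the post;
# the other three are this example's assumption.
DROP_TYPES="source-quench redirect timestamp-request address-mask-request"

# Types accepted: error reporting needed by TCP/UDP and path MTU
# discovery (destination-unreachable carries fragmentation-needed), plus ping.
ALLOW_TYPES="destination-unreachable time-exceeded parameter-problem echo-request echo-reply"

icmp_rules() {
    chain="${1:-INPUT}"

    # Drops come first so a later ACCEPT can never shadow them.
    for t in $DROP_TYPES; do
        echo "iptables -A $chain -p icmp --icmp-type $t -j DROP"
    done

    for t in $ALLOW_TYPES; do
        echo "iptables -A $chain -p icmp --icmp-type $t -j ACCEPT"
    done

    # Anything not listed: log at a limited rate, then drop.
    # The log lines show which types a selective policy is discarding.
    echo "iptables -A $chain -p icmp -m limit --limit 6/minute -j LOG --log-prefix 'icmp-unlisted: '"
    echo "iptables -A $chain -p icmp -j DROP"
}

# Print the rules for the chain given as the first argument (default INPUT).
icmp_rules "$@"
```

Review the printed commands, then run them as root to apply the policy.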