Re: ipfilter, return-icmp and RFC1122

To: Jim Wise <jwise%draga.com@localhost>, Petar Bogdanovic <petar%smokva.net@localhost>
Subject: Re: ipfilter, return-icmp and RFC1122
From: jnemeth%victoria.tc.ca@localhost (John Nemeth)
Date: Thu, 5 Jun 2008 11:45:58 -0700

On Sep 20, 11:16pm, Jim Wise wrote:
} On Wed, 4 Jun 2008, Petar Bogdanovic wrote:
} 
} >     +block return-rst  in proto tcp
} >     +block return-icmp in proto udp
} 
} Note that a quick fix would be to treat the broadcast address `specially'
} for these rules.  So replace the above with:
} 
}     my_addr="10.2.3.4";
}     broadcast_addr="10.2.3.255";
} 
}     block from any to $broadcast_addr
}     block return-rst  in proto tcp
}     block return-icmp(port-unr) in proto udp from any to $my_addr
}     block return-icmp in proto udp
} 
} This should give the most `realistic' error responses for your non-open
} ports, unless I'm missing something (entirely possible).

     IPF rules are last match, so wouldn't this cause the same
problem?  Should the "block from any to $broadcast_addr" be at the
bottom?

}-- End of excerpt from Jim Wise

Follow-Ups:
- Re: ipfilter, return-icmp and RFC1122
  - From: Jim Wise

Prev by Date: Re: ipfilter, return-icmp and RFC1122
Next by Date: Re: ipfilter, return-icmp and RFC1122
Previous by Thread: Re: ipfilter, return-icmp and RFC1122
Next by Thread: Re: ipfilter, return-icmp and RFC1122
Indexes:

Home | Main Index | Thread Index | Old Index