On Wed, 1 Dec 2004, Chris Higgins wrote:
> #define ICMP_DEST_UNREACH 3 /* Destination Unreachable */
You probablu dont want to block this one, its useful information (eg
to tell you to try another address you may have for the host/service
you're trying to reach.).
> #define ICMP_REDIRECT 5 /* Redirect (change route) */
You dont want to block this one if you have logical subnets on an
interface and still want to be able to talk to them.
> #define ICMP_TIME_EXCEEDED 11 /* Time Exceeded */
Blocking this would break traceroutes.
> #define ICMP_PARAMETERPROB 12 /* Parameter Problem */
Why block this?
> #define ICMP_ADDRESS 17 /* Address Mask Request */
> #define ICMP_ADDRESSREPLY 18 /* Address Mask Reply */
These arent used any more TTBOMK (they date from an RFC from pre-CIDR
days), indeed i dont think they ever saw much use.
regards,
--
Paul Jakma paul at clubi.iepaul at jakma.org Key ID: 64A2FF6A
Fortune:
Humor in the Court:
Q. And who is this person you are speaking of?
A. My ex-widow said it.
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
