Firewall stateful handling of ICMP packets

• Previous message (by thread): Firewall stateful handling of ICMP packets
• Next message (by thread): Firewall stateful handling of ICMP packets
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

there are expert modes where you can apply the
name source destination protocol time comments.  rank state action track
for more stabilized dedicated connections
 
I am certain there are more depending on the vender
 
-Henry

Sean Donelan <sean at donelan.com> wrote:


You could drop ICMP packets at your firewall if the firewalls properly
implemented stateful inspection of ICMP packets. The problem is few
firewalls include ICMP responses in their statefull analysis. So you are
left with two bad choices, permit "all" ICMP packets or deny "all" ICMP
packets.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20031203/30c00aff/attachment.html>

• Previous message (by thread): Firewall stateful handling of ICMP packets
• Next message (by thread): Firewall stateful handling of ICMP packets
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]