Firewall config: ICMP nummer?

petterg · 1. januar 2005

Prøver å forbedre brannmuren her, men mangler kunnskap om ICMP-typer og hva de brukes til.

Nåværende konfig tilater 0,3,4,8,11,12,14,16,18 inngående

og 0,4,8,12,13,15,17 ut.

Stortsett det eneste jeg har skjønt her er at 0 og 8 må tilates for å kunne bruke ping. Kan noen gi en kort forklaring på hva de andre brukes til, og hvor for de (ikke) bør tilates?

Type    Name
----    ---------------------
 0     Echo Reply
       Codes
           0  No Code

 1     Unassigned
 2     Unassigned
 3     Destination Unreachable
Codes
   0  Net Unreachable
   1  Host Unreachable
           2  Protocol Unreachable
           3  Port Unreachable
           4  Fragmentation Needed and Don't Fragment was Set
           5  Source Route Failed
           6  Destination Network Unknown
           7  Destination Host Unknown
           8  Source Host Isolated
           9  Communication with Destination Network is
              Administratively Prohibited
          10  Communication with Destination Host is
              Administratively Prohibited
          11  Destination Network Unreachable for Type of Service
          12  Destination Host Unreachable for Type of Service
          13  Communication Administratively Prohibited
          14  Host Precedence Violation
          15  Precedence cutoff in effect

 4     Source Quench
       Codes
           0  No Code

 5     Redirect
       Codes
           0  Redirect Datagram for the Network (or subnet)
           1  Redirect Datagram for the Host
           2  Redirect Datagram for the Type of Service and Network
           3  Redirect Datagram for the Type of Service and Host

 6     Alternate Host Address
       Codes
           0  Alternate Address for Host

 7     Unassigned
 8     Echo
       Codes
           0  No Code

 9     Router Advertisement
       Codes
           0  Normal router advertisement      
          16  Does not route common traffic

10     Router Selection
       Codes
           0  No Code

11     Time Exceeded
       Codes
           0  Time to Live exceeded in Transit
           1  Fragment Reassembly Time Exceeded

12     Parameter Problem
       Codes
           0  Pointer indicates the error
           1  Missing a Required Option
           2  Bad Length

13     Timestamp
       Codes
           0  No Code

14     Timestamp Reply
       Codes
           0  No Code

15     Information Request
       Codes
           0  No Code

16     Information Reply
       Codes
           0  No Code

17     Address Mask Request
       Codes
           0  No Code

18     Address Mask Reply
       Codes
           0  No Code

19     Reserved (for Security)
20-29  Reserved (for Robustness Experiment)
30     Traceroute
31     Datagram Conversion Error
32     Mobile Host Redirect
33     IPv6 Where-Are-You
34     IPv6 I-Am-Here
35     Mobile Registration Request
36     Mobile Registration Reply
39     SKIP
40     Photuris
Codes
           0 = Bad SPI
           1 = Authentication Failed
           2 = Decompression Failed
           3 = Decryption Failed
           4 = Need Authentication
           5 = Need Authorization

Logg inn

Firewall config: ICMP nummer?

Anbefalte innlegg

petterg

Lenke til kommentar

Opprett en konto eller logg inn for å kommentere

Opprett konto

Logg inn

Populær nå

Trump 2025 1 2 3 4 168

Russlands invasjon av Ukraina [Ny tråd, les førstepost] 1 2 3 4 3756

Hvem er aktive 0 medlemmer