[Asterisk-Users] Fedora Core 2 firewall rules - NO NAT!
Eric Wieling aka ManxPower
eric at fnords.org
Tue Nov 30 11:47:36 MST 2004
Ed Robbins wrote:
> My recommendation is to disable all telnet/ftp/rlogin period. Limit SSH
> access from known hosts and drop all ICMP packets so you look like a black
> hole.
NEVER drop all ICMP packets. If you do that it will break TCP MTU
discovery and random hosts will not be reachable. Accept all ICMP
packets, drop outgoing ICMP except for the few you need like
packet-too-big and things like that. Read up on ICMP blocking and
firewalls.
--Eric
--
I am seeking part or full time employment in Toronto, The Netherlands,
or Belgium. My preference is part time employment in Toronto with
some telecommuting. Currently located in New Orleans, Louisiana and am
happy to relocate. Contact eric at fnords.org.
More information about the asterisk-users
mailing list