[Asterisk-Users] Fedora Core 2 firewall rules - NO NAT!

Eric Wieling aka ManxPower eric at fnords.org
Tue Nov 30 11:47:36 MST 2004


Ed Robbins wrote:

> My recommendation is to disable all telnet/ftp/rlogin period.  Limit SSH
> access from known hosts and drop all ICMP packets so you look like a black
> hole.

NEVER drop all ICMP packets.  If you do that it will break TCP MTU 
discovery and random hosts will not be reachable.  Accept all ICMP 
packets, drop outgoing ICMP except for the few you need like 
packet-too-big and things like that.  Read up on ICMP blocking and 
firewalls.

--Eric

-- 
I am seeking part or full time employment in Toronto, The Netherlands,
or Belgium.  My preference is part time employment in Toronto with
some telecommuting. Currently located in New Orleans, Louisiana and am
happy to relocate. Contact eric at fnords.org.
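
Added example, not part of the original message: a small checker that reads an `iptables-save` style rule set and reports what verdict an inbound ICMP fragmentation-needed error (the IPv4 message that path MTU discovery relies on) would receive. The function name, the sample rule sets and the simplifications listed in the docstring are assumptions of this sketch.

```python
import shlex

# iptables spellings that cover ICMP type 3 code 4 (fragmentation needed)
FRAG_NEEDED = {"fragmentation-needed", "3/4", "destination-unreachable", "3"}

def frag_needed_verdict(ruleset, chain="INPUT"):
    """First-match verdict for an inbound ICMP fragmentation-needed error.

    Simplifications (assumptions of this sketch): only -p, --icmp-type and
    --state/--ctstate are evaluated, negation is ignored, and jumps to
    user-defined chains are not followed.
    """
    policy = "ACCEPT"
    for line in ruleset.splitlines():
        tok = shlex.split(line)
        if len(tok) > 1 and tok[0] == ":" + chain:
            policy = tok[1]          # e.g. ":INPUT DROP [0:0]"
            continue
        if tok[:2] != ["-A", chain]:
            continue

        def opt(name):
            i = tok.index(name) if name in tok else -1
            return tok[i + 1] if 0 <= i < len(tok) - 1 else None

        if opt("-p") not in (None, "icmp", "all"):
            continue                 # rule is for another protocol
        itype = opt("--icmp-type")
        if itype is not None and itype not in FRAG_NEEDED:
            continue                 # rule is for a different ICMP type
        state = opt("--state") or opt("--ctstate")
        if state and "RELATED" not in state.split(","):
            continue                 # conntrack marks ICMP errors RELATED
        if opt("-j") in ("ACCEPT", "DROP", "REJECT"):
            return opt("-j"), line.strip()
    return policy, "(chain policy)"

# Constructed sample rule sets in iptables-save format.
DROP_ALL_ICMP = """*filter
:INPUT ACCEPT [0:0]
-A INPUT -p icmp -j DROP
-A INPUT -s 192.0.2.10 -p tcp --dport 22 -j ACCEPT
COMMIT"""

ACCEPT_ICMP = """*filter
:INPUT DROP [0:0]
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
COMMIT"""
```

A `DROP` or `REJECT` verdict here means hosts behind a smaller-MTU link will stall on large TCP segments, which is the breakage described above.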



