1

iptables | Types of ICMP: which ones are (potentially) harmful?

view story
linux-howto

http://serverfault.com – I read that certain types¹ of ICMP packets can be harmful. Questions: Which ones and why? How should I layout an iptables ruleset to handle each type of ICMP packet? Should I rate-limit any of these types of ICMP packets? And how? [¹] The types I read about: Redirect (5), Timestamp (13) and Address Mask Request (17). Please don't consider just these on your answer. More info It's a web server on a VPS with Ubuntu Server. The goal I'm trying to make the system safer, mitigate the risk of some D/DoS attacks and general abuse. Related Is my linux firewall secure? Why not block ICMP? (HowTos)