Re: icmp pass rules

[Frank Knobbe <frank () knobbe us>]

On Fri, 2008-10-24 at 10:33 -0400, Stephen Reese wrote:
> Last one I hope, I'm already using a few pass rules:
>
> #Ignore redirects from the main router to internet gateway
> var 3825ROUTER [172.31.1.1/32]
> pass icmp $3825ROUTER any -> $HOME_NET any

No, this ignore *all* ICMP traffic from the router to $HOME_NET, not
just redirects. You need to add the specific options (like icode) if you
want to limit it to redirects.

-Frank

-- 
It is said that the Internet is a public utility. As such, it is best
compared to a sewer. A big, fat pipe with a bunch of crap sloshing
against your ports.

Attachment: signature.asc
Description: This is a digitally signed message part

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users