There seems to be a lot of confusion on this sub about the need to explicitly allow ICMP into networks. In most cases, a properly configured firewall will allow necessary ICMP back in without an explicit Any ICMP Type X rule. This gives you the benefit of still passing ICMP error messages, without the risk of opening up your network to ICMP attacks.
Once the firewall receives an ICMP error message, it extracts from its payload the attributes of the original packet that caused this error message to be sent. Then, the firewall searches in its session table for a session entry with similar attributes. If a match is found, the error message is embedded to its corresponding session entry and is allowed to pass through the firewall in order to notify the sender that the sent request is not accomplished.
https://ieeexplore.ieee.org/document/8710298
I'm sure I'll get downvoted, but I am only concerned with those who interpret what some are saying in this sub as if they need define an Any rule that unnecessarily opens themselves to attacks.
No comments:
Post a Comment