I've been reading RFC 4890 to figure out what ICMP types I need to allow in, and this seems to be the recommended range:
1-4, 128-137, 141-143, 148-149, 151-153
However, it seems like some of these (namely 137, 148-149, 151-153) are intended for upstream routers. I'm just working on the firewall configuration for a bastion host, is the range defined in the RFC good or do I need to remove the 137, 148-149, and 151-153 ranges?
Edit: I've also seen a comment on here which recommended only 1-4, 128-136. Any guidance is appreciated.
No comments:
Post a Comment