Firewall configuration
Digi TransPort User Guide 666
Filtering on ICMP codes
An ip-object can be followed by an optional [icmp] field.
[icmp]
This field allows the script to filter packets based on ICMP codes. ICMP packets are normally
used to debug and diagnose a network and can be extremely useful. However, they form part
of a low-level protocol and are frequently exploited by hackers for attacking networks. For this
reason, most network administrators will want to restrict the use of ICMP packets.
The syntax for including ICMP filtering is:
icmp = “icmp-type” icmp-type [“code” decnum]
icmp-type
Can be one of the pre-defined strings listed in the following table or the equivalent decimal
numeric value:
ICMP Type ICMP Value
Unreach 3
Echo 8
Echorep 0
Squench 4
Redir 5
Timex 11
Paramprob 12
Timest 13
Timestrep 14
Inforeq 15
Inforep 16
Maskreq 17
Maskrep 18
Routerad 9
Routersol 10
To Next Page
Loading...
