Table of Contents
Advertisement
27-14 C
27: P
HAPTER
ACKET
IP RIP Packet Filtering
ICMP Packet Filtering
F
ILTERS
Table 27-4
TCP
517
518
-
540
540
543
1642
-
-
RIP packets are used to identify all attached networks as well as the number of
router hops required to reach them. These responses are used to update a router's
table. If the OfficeConnect Gateway is listening for or broadcasting RIP messages,
you should allow them to pass in the appropriate direction(s). You define IP RIP
filtering rules in the IP-RIP protocol section of the filter file.
For example, if you want to filter all routes except the one specified by the IP
network address 195.120.254.145, you would create the following filter rule:
#filter
IP-RIP:
010 ACCEPT network = 195.120.254.145;
030 DENY;
This filter only allows the route 195.120.254.145 into the route table. All other
routes are rejected.
Spurious RIP messages can disrupt your routing tables. If you are listening for RIP
messages on a given interface, you may wish to consider filtering out RIP updates
from untrusted networks.
Internet Control Message Protocol (ICMP) packets contain messages exchanged by
IP modules in both hosts and gateways to report errors, problems and operating
information. ICMP message types are shown below. Note that most are error
messages necessary for the correct operation of TCP/IP.
Table 27-5
Type
Description
0
Echo Reply (Ping)
3
Destination Unreachable
4
Source Quench
5
Redirect (change route)
8
Echo Request (Ping)
11
Time Exceeded for a Datagram
12
Parameter Problem for a Datagram
UDP
517
talk (terminal to terminal chat)
518
ntalk (new terminal chat)
520
RIP
540
uucp (UNIX to UNIX copy)
540
uucp-rlogin
543
klogin (Kerberized login)
-
PortMux daemon
1645
RADIUS security
1646
RADIUS accounting
Description
Advertisement
Table of Contents
