hi list!
it is not really a shorewall question but more iptables related:
is there a way to block icmp echo request packets with record route
option set other than completely block icmp echo requests?
googling the topic i found a patchomatic project that introduces an
ipv4options match, that allows to match on record route.
i also browsed through /proc/sys/net/ipv4 but didn''t find anything
promising.
i am concerned about this because this feature allows a potential
attacker to neatly map your network.
TIA for your input/ideas
regards
matthias
--
"Unix gives you just enough rope to hang yourself -- and then a
couple more feet, just to be sure." Eric Allman
