SunScreen 3.2 Administrator's Overview

ICMP Packets

SunScreen provides predefined services for screening ICMP packets, including ping.

The icmp state engine can also be used to create other services to pass ICMP messages of a specific type. Most of the common ICMP packets have entries in the predefined services.

These rules allow Inside systems to ping Outside systems, but not vice versa. They also allow ICMP unreachable packets to be sent from Outside systems to Inside systems. Note that the ping service allows packets in two directions (ping-request packets from Source to Destination and ping-response packets from Destination to Source), while the icmp-unreach service only allows packets to flow in one direction (from Source to Destination).
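The directional behaviour described above can be modelled in a few lines. This is an added illustration, not SunScreen code or SunScreen rule syntax. The Inside address range (10.0.0.0/8), the sample addresses, the IcmpScreen class, and the matching of each reply to a recorded request by echo identifier are assumptions made for the model.

```python
import ipaddress

INSIDE = ipaddress.ip_network("10.0.0.0/8")  # constructed range standing in for "Inside"

# ICMP type numbers from RFC 792
ECHO_REPLY, DEST_UNREACH, ECHO_REQUEST = 0, 3, 8

# Per service: ICMP types passed Source->Destination, and types passed back.
SERVICES = {
    "ping":         {"forward": {ECHO_REQUEST}, "reverse": {ECHO_REPLY}},
    "icmp-unreach": {"forward": {DEST_UNREACH}, "reverse": set()},
}

# The two rules the text describes: (service, Source, Destination)
RULES = [("ping", "Inside", "Outside"), ("icmp-unreach", "Outside", "Inside")]


def zone(addr):
    """Classify an address as Inside or Outside."""
    return "Inside" if ipaddress.ip_address(addr) in INSIDE else "Outside"


class IcmpScreen:
    """Hypothetical model of a stateful ICMP screen (not the product's engine)."""

    def __init__(self):
        self.pending = set()  # (requester, target, echo id) of unanswered pings

    def check(self, src, dst, icmp_type, echo_id=None):
        """Return True if the packet is passed, False if it is dropped."""
        path = (zone(src), zone(dst))
        for service, rule_src, rule_dst in RULES:
            svc = SERVICES[service]
            if path == (rule_src, rule_dst) and icmp_type in svc["forward"]:
                if svc["reverse"]:  # two-way service: remember the request
                    self.pending.add((src, dst, echo_id))
                return True
            if path == (rule_dst, rule_src) and icmp_type in svc["reverse"]:
                # Assumption: one reply passes per recorded request.
                if (dst, src, echo_id) in self.pending:
                    self.pending.discard((dst, src, echo_id))
                    return True
        return False
```

Because icmp-unreach has an empty reverse set, an unreachable message from Inside to Outside matches no rule and is dropped, which is the one-way behaviour the text contrasts with ping.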