Sounds right. I stand corrected (or shall I say improved? ).

I think that I got the best idea about what I asked in first post .
Anything remains still ?
thanx to all the active members
Nirav

One more thing I would like to add here,

What about smurf denial of service attacks, if I am using a rule allowing ESTABLISHED or RELATED traffice.
Follow this link,

http://www.cert.org/advisories/CA-1998-01.html

From this artical I understand that allowing a ESTABLISHED or RELATED traffic of ICMP protocol to pass through the firewall on your pc may cause this SMURF attack.
is it so ? or my understanding is wrong

Nirav

Depends on which part of the attack you're talking about. It consists of several parts: the malicious host(s), a number of "amplifiers" and the target host.

To prevent being used as a smurf amplifier, configure your system not to respond to pings sent to the broadcast IP address. The ESTABLISHED,RELATED rule should drop unsolicited ping packets used to start the attack. If you want to be extra carefull or if you need to allow ping then use:
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

If you are the target of a smurf attack, the ESTABLISHED,RELATED rule will again only drop icmp traffic that you initiate and drop all others. However with most flood-type DoS attacks, it becomes a matter of bandwidth vs bandwidth and if the attacker manages to leverage a large amount against you, then there isn't much you can do. In that case, the best option is to contact your ISP and have them filter the traffic at an upstream router or ideally have the amplifier network shutdown.