From owner-freebsd-ipfw  Fri Mar 30 19:43:58 2001
Delivered-To: freebsd-ipfw@freebsd.org
Received: from midway.uchicago.edu (midway.uchicago.edu [128.135.12.12])
	by hub.freebsd.org (Postfix) with ESMTP id 5FCB737B729
	for <freebsd-ipfw@FreeBSD.ORG>; Fri, 30 Mar 2001 19:43:52 -0800 (PST)
	(envelope-from dbsypher@uchicago.edu)
Received: from C40948-B.uchicago.edu (broad-173-147.rh.uchicago.edu [128.135.173.147])
	by midway.uchicago.edu (8.10.1/8.10.1) with ESMTP id f2V3hpW13333;
	Fri, 30 Mar 2001 21:43:51 -0600 (CST)
Message-Id: <4.3.2.7.2.20010330213837.00c173a0@nsit-popmail.uchicago.edu>
X-Sender: dbsypher@nsit-popmail.uchicago.edu
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Fri, 30 Mar 2001 21:43:39 -0600
To: "alexus" <ml@db.nexgen.com>, <freebsd-ipfw@FreeBSD.ORG>
From: David Syphers <dbsypher@uchicago.edu>
Subject: Re: disable ping to box using ipfw
In-Reply-To: <003001c0b988$d02e7410$9865fea9@book>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

At 09:17 PM 3/30/01 -0500, alexus wrote:
>does anyone know how i can disable ping to my box using ipfw?

${fwcmd} add deny icmp from any to ${ip}

building on the 'client' prototype (change reference to the ip for 'simple' 
prototype).  However, ping is not allowed by default, and so if your system 
is set to default deny, nobody can ping the machine if you're using even an 
unmodified client (or simple) prototype.

-David


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message