From owner-freebsd-questions  Sat Oct  5 17: 1:28 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id EA40837B401
	for <questions@freebsd.org>; Sat,  5 Oct 2002 17:01:27 -0700 (PDT)
Received: from mailsrv.otenet.gr (mailsrv.otenet.gr [195.170.0.5])
	by mx1.FreeBSD.org (Postfix) with ESMTP id EAF3543E6A
	for <questions@freebsd.org>; Sat,  5 Oct 2002 17:01:26 -0700 (PDT)
	(envelope-from keramida@freebsd.org)
Received: from hades.hell.gr (patr530-a173.otenet.gr [212.205.215.173])
	by mailsrv.otenet.gr (8.12.6/8.12.6) with ESMTP id g9601N6T001495;
	Sun, 6 Oct 2002 03:01:24 +0300 (EEST)
Received: from hades.hell.gr (hades [127.0.0.1])
	by hades.hell.gr (8.12.6/8.12.6) with ESMTP id g9600mNf034850;
	Sun, 6 Oct 2002 03:01:29 +0300 (EEST)
	(envelope-from keramida@freebsd.org)
Received: (from keramida@localhost)
	by hades.hell.gr (8.12.6/8.12.6/Submit) id g95IfAif035816;
	Sat, 5 Oct 2002 21:41:10 +0300 (EEST)
	(envelope-from keramida@freebsd.org)
Date: Sat, 5 Oct 2002 21:41:09 +0300 (EEST)
From: Giorgos Keramidas <keramida@freebsd.org>
X-X-Sender: keramida@hades
To: "Jack L. Stone" <jackstone@sage-one.net>
Cc: "Patrick O'Reilly" <bsd@perimeter.co.za>,
	<questions@freebsd.org>, master <master@tyranz.com>
Subject: Re: block icmp with ipfw
In-Reply-To: <3.0.5.32.20021005085103.011d62c0@mail.sage-one.net>
Message-ID: <20021005213833.K35489-100000@hades>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On 2002-10-05 08:51, Jack L. Stone wrote:
> At 03:41 PM 10.5.2002 +0200, Patrick O'Reilly wrote:
> >From: "master" <master@tyranz.com>
> > > hi all i would like to know the syntax of ipfw to block icmp ping?
> > > (echo and reply)
> >
> > ipfw add 123 deny ip from any to any icmtypes 8
>
> .... but if you still want to ping OUT....
> ${fwcmd} add pass icmp from any to any icmptypes 8 out via ${oif}

That will negate the effect of any firewall rules that "block" icmp
packets though, i.e. it's the opposite of what was asked :-)

-- 
keramida@FreeBSD.org -==- FreeBSD: The Power to Serve
FreeBSD 5.0-CURRENT #3: Wed Oct  2 04:55:42 EEST 2002


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message