From owner-freebsd-questions  Sat Oct  5 17:39: 5 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id B84AB37B401; Sat,  5 Oct 2002 17:39:04 -0700 (PDT)
Received: from sage-one.net (adsl-65-71-135-137.dsl.crchtx.swbell.net [65.71.135.137])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 83FFA43E42; Sat,  5 Oct 2002 17:39:03 -0700 (PDT)
	(envelope-from jackstone@sage-one.net)
Received: from sagea (sagea [192.168.0.3])
	by sage-one.net (8.11.6/8.11.6) with SMTP id g960d1N84727;
	Sat, 5 Oct 2002 19:39:01 -0500 (CDT)
	(envelope-from jackstone@sage-one.net)
Message-Id: <3.0.5.32.20021005193900.01199da8@mail.sage-one.net>
X-Sender: jackstone@mail.sage-one.net
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32)
Date: Sat, 05 Oct 2002 19:39:00 -0500
To: Giorgos Keramidas <keramida@FreeBSD.ORG>
From: "Jack L. Stone" <jackstone@sage-one.net>
Subject: Re: block icmp with ipfw
Cc: "Patrick O'Reilly" <bsd@perimeter.co.za>,
	<questions@FreeBSD.ORG>, master <master@tyranz.com>
In-Reply-To: <20021005213833.K35489-100000@hades>
References: <3.0.5.32.20021005085103.011d62c0@mail.sage-one.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

At 09:41 PM 10.5.2002 +0300, Giorgos Keramidas wrote:
>On 2002-10-05 08:51, Jack L. Stone wrote:
>> At 03:41 PM 10.5.2002 +0200, Patrick O'Reilly wrote:
>> >From: "master" <master@tyranz.com>
>> > > hi all i would like to know the syntax of ipfw to block icmp ping?
>> > > (echo and reply)
>> >
>> > ipfw add 123 deny ip from any to any icmtypes 8
>>
>> .... but if you still want to ping OUT....
>> ${fwcmd} add pass icmp from any to any icmptypes 8 out via ${oif}
>
>That will negate the effect of any firewall rules that "block" icmp
>packets though, i.e. it's the opposite of what was asked :-)
>
>-- 
>keramida@FreeBSD.org -==- FreeBSD: The Power to Serve
>FreeBSD 5.0-CURRENT #3: Wed Oct  2 04:55:42 EEST 2002
>

....then answer the poster's question. I don't have the same other rule in
conflict....

Best regards,
Jack L. Stone,
Administrator

SageOne Net
http://www.sage-one.net
jackstone@sage-one.net

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message