Date: Wed, 16 Aug 2000 22:15:21 -0700 From: Erick Mechler <emechler@sendmail.com> To: "Rashid N. Achilov" <achilov@granch.ru> Cc: freebsd-security@FreeBSD.ORG Subject: Re: deny incoming icmp Message-ID: <20000816221521.B23432@sendmail.com> In-Reply-To: <XFMail.000817121054.shelton@sentry.granch.ru>; from Rashid N. Achilov on Thu, Aug 17, 2000 at 12:10:54PM %2B0700 References: <XFMail.000817121054.shelton@sentry.granch.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
First you have to enable firewalling code in your kernel. Once you've done
that, the following two ipfw rules should do what you want:
ipfw add deny icmp from any to any
ipfw add allow icmp from ${oip} to any via ${oif}
where ${oip} is the IP address of your outside interface, and ${oif} is the
outside interface itself.
Regards,
Erick
At Thu, Aug 17, 2000 at 12:10:54PM +0700, Rashid N. Achilov said this:
:: What can I deny/fake incoming icmp traffic and allow outgoung?
:: --
:: With Best Regards.
:: Rashid N. Achilov (RNA1-RIPE), Brainbench ID: 28514, Granch Ltd. lead engineer
:: e-mail: achilov@granch.ru, tel (383-2) 24-2363
::
::
:: To Unsubscribe: send mail to majordomo@FreeBSD.org
:: with "unsubscribe freebsd-security" in the body of the message
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000816221521.B23432>