Date: Wed, 16 Aug 2000 22:15:21 -0700
From: Erick Mechler
To: "Rashid N. Achilov"
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: deny incoming icmp

First you have to enable firewalling code in your kernel. Once you've done
that, the following two ipfw rules should do what you want:

    ipfw add allow icmp from ${oip} to any via ${oif}
    ipfw add deny icmp from any to any

where ${oip} is the IP address of your outside interface, and ${oif} is the
outside interface itself.

Regards,
Erick

At Thu, Aug 17, 2000 at 12:10:54PM +0700, Rashid N. Achilov said this:
:: How can I deny/fake incoming icmp traffic and allow outgoing?
:: --
:: With Best Regards.
:: Rashid N. Achilov (RNA1-RIPE), Brainbench ID: 28514, Granch Ltd. lead engineer
:: e-mail: achilov@granch.ru, tel (383-2) 24-2363
::
:: To Unsubscribe: send mail to majordomo@FreeBSD.org
:: with "unsubscribe freebsd-security" in the body of the message
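
A stateless variant of the ruleset discussed in this message, as an added example that is not part of the original post: ipfw stops at the first matching rule, so the allow rules carry lower rule numbers than the deny, and a narrow inbound allow lets replies to outgoing traffic back in. The rule numbers, the `icmptypes` list, the `run` and `icmp_rules` helper names, `em0` and `192.0.2.1` are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the original message.
# Dry run by default: prints the ipfw commands instead of executing them.
# Set IPFW=/sbin/ipfw in the environment to apply them for real.
run() { ${IPFW:-echo ipfw} "$@"; }

# icmp_rules <outside-interface> <outside-ip>
icmp_rules() {
    [ $# -eq 2 ] || { echo "usage: icmp_rules <oif> <oip>" >&2; return 64; }
    oif=$1
    oip=$2

    # 1. ICMP that originates from our outside address may leave.
    run add 1000 allow icmp from "$oip" to any out via "$oif"

    # 2. Let back in only what our own traffic needs:
    #    0  = echo reply (answers to our pings)
    #    3  = destination unreachable (includes "fragmentation needed",
    #         which path MTU discovery depends on)
    #    11 = time exceeded (traceroute, routing loops)
    run add 1010 allow icmp from any to "$oip" in via "$oif" icmptypes 0,3,11

    # 3. Everything else arriving as ICMP on the outside interface is dropped.
    #    This rule must be numbered after the allows: first match wins.
    run add 1020 deny icmp from any to any in via "$oif"
}

# Constructed sample values: em0 and the documentation address 192.0.2.1.
icmp_rules em0 192.0.2.1
```

Review the printed commands first, then rerun with `IPFW=/sbin/ipfw` as root; `ipfw list` afterwards shows the rules in the order they are evaluated.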