Date: Mon, 1 Oct 2001 13:25:28 -0700 From: "Crist J. Clark" <cristjc@earthlink.net> To: "Karsten W. Rohrbach" <karsten@rohrbach.de> Cc: gkshenaut@ucdavis.edu, security@FreeBSD.ORG Subject: Re: How to config IPFW for enable ping and traceroute Message-ID: <20011001132528.C304@blossom.cjclark.org> In-Reply-To: <20010929013148.B37579@mail.webmonster.de>; from karsten@rohrbach.de on Sat, Sep 29, 2001 at 01:31:48AM %2B0200 References: <20010927061935.UUFZ16495.mta10.onebox.com@onebox.com> <200109271736.f8RHZrA20332@thistle.bogs.org> <20010929013148.B37579@mail.webmonster.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Sep 29, 2001 at 01:31:48AM +0200, Karsten W. Rohrbach wrote: > stateful rules woud be better, i don't know if this can be done with > ipfw (but i guess it should work somehow). There isn't really a good way to do it with dynamic rules in ipfw(8). > that's the ipfilter config for getting traceroute to work, for those who > are interested... > > # traceroute=30 > pass in quick proto icmp from any to 0.0.0.0/32 icmp-type 30 keep state > pass out quick proto icmp from 0.0.0.0/32 to any icmp-type 30 keep state If you actually find a traceroute program that uses the RFC1393 protocol, I'd like to see it. -- Crist J. Clark cjclark@alum.mit.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011001132528.C304>