Date: Thu, 17 Aug 2000 16:05:09 +0700 (NOVST) From: "Rashid N. Achilov" <shelton@sentry.granch.ru> To: Erick Mechler <emechler@sendmail.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: deny incoming icmp Message-ID: <XFMail.000817160509.shelton@sentry.granch.ru> In-Reply-To: <20000816221521.B23432@sendmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 17-Aug-00 Erick Mechler wrote:
> First you have to enable firewalling code in your kernel. Once you've done
> that, the following two ipfw rules should do what you want:
>
> ipfw add deny icmp from any to any
> ipfw add allow icmp from ${oip} to any via ${oif}
>
> where ${oip} is the IP address of your outside interface, and ${oif} is the
> outside interface itself.
>
Sorry, more precision...
I have a firewall, protecting my network. IPFIREWALL, IPFIREWALL_VERBOSE, IPFIREWALL_FORWARD
enabled. What can I allow icmp from our network any deny/fake incoming to our network icmp?
--
With Best Regards.
Rashid N. Achilov (RNA1-RIPE), Brainbench ID: 28514, Granch Ltd. lead engineer
e-mail: achilov@granch.ru, tel (383-2) 24-2363
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?XFMail.000817160509.shelton>