From owner-freebsd-security Thu Aug 17 2:11:12 2000
Date: Thu, 17 Aug 2000 16:05:09 +0700 (NOVST)
From: "Rashid N. Achilov"
Organization: Granch Ltd.
To: Erick Mechler
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: deny incoming icmp
In-Reply-To: <20000816221521.B23432@sendmail.com>

On 17-Aug-00 Erick Mechler wrote:
> First you have to enable firewalling code in your kernel. Once you've done
> that, the following two ipfw rules should do what you want:
>
>   ipfw add deny icmp from any to any
>   ipfw add allow icmp from ${oip} to any via ${oif}
>
> where ${oip} is the IP address of your outside interface, and ${oif} is the
> outside interface itself.
>

Sorry, more precision... I have a firewall protecting my network. IPFIREWALL, IPFIREWALL_VERBOSE, IPFIREWALL_FORWARD enabled. How can I allow icmp from our network and deny/fake incoming icmp to our network?

--
With Best Regards.
Rashid N. Achilov (RNA1-RIPE), Brainbench ID: 28514,
Granch Ltd. lead engineer
e-mail: achilov@granch.ru, tel (383-2) 24-2363
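A ruleset for the situation asked about in this message (ICMP allowed out from the protected network, unsolicited ICMP denied on the way in), added here as an example and not written by either poster. The interface name fxp0, the rule numbers and the set of admitted ICMP types are assumptions, and the script only prints the commands unless IPFW is set to the real binary.

```shell
#!/bin/sh
# Added example: ICMP rules for the outside interface of an ipfw firewall.
# Dry run by default (prints the commands). Run with IPFW=/sbin/ipfw to apply.
IPFW="${IPFW:-echo ipfw}"

# icmp_rules OIF [BASE]
#   OIF  - outside interface name (constructed sample: fxp0)
#   BASE - first rule number (assumed 1000; choose a slot that sits before
#          any broader allow rule in the existing ruleset)
icmp_rules() {
    oif="$1"
    base="${2:-1000}"
    [ -n "$oif" ] || { echo "usage: icmp_rules OIF [BASE]" >&2; return 1; }

    # ipfw stops at the first matching rule, so both allow rules must carry
    # lower numbers than the deny that follows them.

    # 1. ICMP leaving through the outside interface (inside hosts and the
    #    firewall itself).
    $IPFW add "$base" allow icmp from any to any out via "$oif"

    # 2. Incoming answers and errors only: 0 echo reply, 3 destination
    #    unreachable (includes "fragmentation needed", used by path MTU
    #    discovery), 11 time exceeded (traceroute).
    $IPFW add "$((base + 10))" allow icmp from any to any in via "$oif" icmptypes 0,3,11

    # 3. Every other incoming ICMP type, echo request (8) included, is
    #    dropped; "log" records it when IPFIREWALL_VERBOSE is compiled in.
    $IPFW add "$((base + 20))" deny log icmp from any to any in via "$oif"
}

# Stand-alone run: print the rules for the constructed sample interface.
icmp_rules "${OIF:-fxp0}"
```

These rules filter by ICMP type and do not track state, so an unsolicited echo reply or error message is still admitted.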