Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 5 Feb 2001 17:40:57 -0800
From:      "Khairuddin Ghani" <abdulgha@usc.edu>
To:        <freebsd-security@freebsd.org>, <freebsd-questions@freebsd.org>
Subject:   dynamic ipfw ruleset to deny outgoing icmp attacks
Message-ID:  <DEEPJPCNCILOOFPCLOHDOEGBDFAA.abdulgha@usc.edu>
In-Reply-To: <F1DAE800B574D411883600D0B78873566E58@AUSYDEX1>

next in thread | previous in thread | raw e-mail | index | archive | help
Hi there.

I have a 4.2-S machine which lacks an upstream firewall to the net. While
letting FreeBSD's ICMP_BANDLIM to do its work, I want to also be able to
disallow users to send outgoing ICMP packets with malicious intent, while
also allowing innocent users to be able to use ping(8)/etc.

How would I set up my ipfw ruleset for this scenario, if possible?

Also, what other concerns should I have regarding other net protocols to
avoid incoming/outgoing attacks?

Regards and thanks, Khairuddin.



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?DEEPJPCNCILOOFPCLOHDOEGBDFAA.abdulgha>