Message-ID: <3959FD09.145EBF61@iname.com>
Date: Wed, 28 Jun 2000 16:26:33 +0300
From: Boris Karnaukh
Organization: Private person
To: Salvo Bartolotta
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: icmp type 3 code 4: a couple of questions
References: <20000627.14530500@bartequi.ottodomain.org>

Salvo Bartolotta wrote:
>
> Dear FreeBSD'ers,
>
> I am running a paranoidly closed firewall (homebox).
>
> Just out of curiosity, is there an *ipfw* way to allow ONLY icmp type
> 3 code 4 packets (DF), dropping all other icmp packets onto the floor

Here is a quote from my ruleset:

add allow icmp from any to any in icmptypes 0,3,11,12,14,16,18
add allow icmp from any to any out

--
Boris Karnaukh (mailto:bk532@iname.com)
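An added example, not part of the original message and not ipfw code: a Python model of the inbound rule quoted above, set beside the "type 3 code 4 only" policy the question asks about. It assumes that `icmptypes` compares only the ICMP type field and that ICMP not matched by the rule is dropped later in the ruleset; the function names and sample packets are constructed for illustration.

```python
import struct

# Type list copied from the inbound rule quoted in the message.
INBOUND_ICMPTYPES = frozenset({0, 3, 11, 12, 14, 16, 18})
UNREACH, NEEDFRAG = 3, 4  # type 3 code 4: fragmentation needed and DF set

def build_icmp(icmp_type, code, rest=0):
    """Constructed 8-byte ICMP header; checksum left at zero (not evaluated here)."""
    return struct.pack("!BBHI", icmp_type, code, 0, rest)

def parse_icmp(packet):
    """Return (type, code, next_hop_mtu); the MTU is set only for type 3 code 4."""
    if len(packet) < 8:
        raise ValueError("truncated ICMP header")
    icmp_type, code, _cksum, _unused, mtu = struct.unpack("!BBHHH", packet[:8])
    is_needfrag = (icmp_type, code) == (UNREACH, NEEDFRAG)
    return icmp_type, code, (mtu if is_needfrag else None)

def rule_as_posted(packet):
    """Assumed model of 'in icmptypes 0,3,11,12,14,16,18': type compared, code ignored."""
    icmp_type, _code, _mtu = parse_icmp(packet)
    return "allow" if icmp_type in INBOUND_ICMPTYPES else "deny"

def needfrag_only(packet):
    """Hypothetical stricter policy from the question: only type 3 code 4 passes."""
    icmp_type, code, _mtu = parse_icmp(packet)
    return "allow" if (icmp_type, code) == (UNREACH, NEEDFRAG) else "deny"

def compare(samples):
    """Return {label: (rule_as_posted, needfrag_only)} for each constructed sample."""
    return {label: (rule_as_posted(p), needfrag_only(p)) for label, p in samples.items()}

# Constructed sample packets (not captured traffic).
SAMPLES = {
    "echo request (8/0)": build_icmp(8, 0),
    "echo reply (0/0)": build_icmp(0, 0),
    "host unreachable (3/1)": build_icmp(3, 1),
    "port unreachable (3/3)": build_icmp(3, 3),
    "need-frag, MTU 1400 (3/4)": build_icmp(3, 4, rest=1400),
    "redirect (5/1)": build_icmp(5, 1),
    "time exceeded (11/0)": build_icmp(11, 0),
}

if __name__ == "__main__":
    for label, verdicts in compare(SAMPLES).items():
        print(f"{label:28s} posted={verdicts[0]:5s} needfrag-only={verdicts[1]}")
```

Under these assumptions the posted rule passes every type 3 code along with the replies and error types in its list, while echo requests and redirects are not matched.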