Date: Thu, 17 Aug 2000 20:39:04 +0700 (NOVST)
From: "Rashid N. Achilov" <shelton@sentry.granch.ru>
To: Richard Martin <dmartin@origen.com>
Cc: Erick Mechler <emechler@sendmail.com>, freebsd-security@FreeBSD.ORG, Manfredi Blasucci <sonoro@inet.it>
Subject: Re: deny incoming icmp
Message-ID: <XFMail.000817203904.shelton@sentry.granch.ru>
In-Reply-To: <399BE73E.5C380746@origen.com>

On 17-Aug-00 Richard Martin wrote:
> Correct me if I am wrong, but wouldn't a single rule be faster?
>
> /sbin/ipfw add pass icmp from ${oip} to any icmptypes 0,3,4,8,11,12 # outward
> /sbin/ipfw add pass icmp from any to ${oip} icmptypes 0,3,4,11,12 # inward
>
> (icmp type 4 is source quench)
> and you may not want to log every ping, but know what isn't getting in
>
> /sbin/ipfw add deny log icmp from any to any
>
What types of ICMP messages does traceroute use? I'd like to mask the internal network structure from
tracing...
--
With Best Regards.
Rashid N. Achilov (RNA1-RIPE), Brainbench ID: 28514, Granch Ltd. lead engineer
e-mail: achilov@granch.ru, tel (383-2) 24-2363
