From owner-freebsd-security Thu Aug 17 6:37:24 2000 Delivered-To: freebsd-security@freebsd.org Received: from sentry.granch.com (sentry.granch.com [212.109.197.135]) by hub.freebsd.org (Postfix) with ESMTP id 0247537B62B for ; Thu, 17 Aug 2000 06:37:21 -0700 (PDT) Received: (from shelton@localhost) by sentry.granch.com (8.9.3/8.9.3) id UAA28589; Thu, 17 Aug 2000 20:39:04 +0700 (NOVST) Message-ID: X-Mailer: XFMail 1.4.0 on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=KOI8-R Content-Transfer-Encoding: 8bit MIME-Version: 1.0 In-Reply-To: <399BE73E.5C380746@origen.com> Date: Thu, 17 Aug 2000 20:39:04 +0700 (NOVST) Reply-To: "Rashid N. Achilov" Organization: Granch Ltd. From: "Rashid N. Achilov" To: Richard Martin Subject: Re: deny incoming icmp Cc: Erick Mechler , freebsd-security@FreeBSD.ORG, Manfredi Blasucci Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On 17-Aug-00 Richard Martin wrote: > Correct me if I am wrong, but wouldn't a single rule be faster? > > /sbin/ipfw add pass icmp from ${oip} to any icmptypes 0,3,4,8,11,12 # outward > /sbin/ipfw add pass icmp from any to ${oip} icmptypes 0,3,4,11,12 # inward > > ( icmp type 4 is source quench) > and you may not want to log every ping, but know what isn't getting in > > /sbin/ipfw add deny log icmp from any to any > What type of ICMP messages uses traceroute? I'd like to mask internal network structure from tracing... -- With Best Regards. Rashid N. Achilov (RNA1-RIPE), Brainbench ID: 28514, Granch Ltd. lead engineer e-mail: achilov@granch.ru, tel (383-2) 24-2363 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message