From owner-freebsd-questions Mon Apr 14 02:20:19 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id CAA28178 for questions-outgoing; Mon, 14 Apr 1997 02:20:19 -0700 (PDT) Received: from mail.warp.co.uk (root@mail.warp.co.uk [194.207.68.4]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id CAA28135; Mon, 14 Apr 1997 02:20:03 -0700 (PDT) Received: from temp1.warp.co.uk (temp1.warp.co.uk [194.207.68.11]) by mail.warp.co.uk with SMTP id KAA11633; Mon, 14 Apr 1997 10:13:07 GMT Message-Id: <3.0.1.32.19970414101117.006a1bd0@mail.warp.co.uk> X-Sender: tony@mail.warp.co.uk X-Mailer: Windows Eudora Light Version 3.0.1 (32) Date: Mon, 14 Apr 1997 10:11:17 +0100 To: Eugeny Kuzakov From: Anthony Barlow Subject: Re: Firewalling large ICMP packets.. Cc: freebsd-questions@freebsd.org, freebsd-isp@freebsd.org In-Reply-To: References: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-questions@freebsd.org X-Loop: FreeBSD.org Precedence: bulk At 12:49 14-04-97 +0700, Eugeny Kuzakov wrote: >On Mon, 14 Apr 1997, Adrian Chadd wrote: > >> Date: Mon, 14 Apr 1997 12:55:02 +0800 (WST) >> From: Adrian Chadd >> To: Anthony Barlow >> Cc: freebsd-questions@freebsd.org, freebsd-isp@freebsd.org >> Subject: Re: Firewalling large ICMP packets.. >> >> ipfw add deny icmp from any to any (or something like that) >> >> I'm trying to firewall large ICMP packets :) > >You may also deny all frag packets. In ipfilter by Darren Red it's simple. >May I right ? Sorry I wouldn't know. Our Filter (internet.in) looks like this deny 194.207.68.0/24 0.0.0.0/0 < Blocks spoofing attempts 68.0 is our NOC center's network permit tcp permit udp deny icmp < Block the Ping of Death etc. Regards, Anthony