From owner-freebsd-questions Wed May 24 09:57:37 1995
Return-Path: questions-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id JAA16011 for questions-outgoing; Wed, 24 May 1995 09:57:37 -0700
Received: from aries.ai.net (ai.net [198.69.35.206]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id JAA15999 for ; Wed, 24 May 1995 09:57:34 -0700
Received: (from nc@localhost) by aries.ai.net (8.6.11/8.6.12) id MAA00381; Wed, 24 May 1995 12:52:05 -0400
Date: Wed, 24 May 1995 12:52:04 -0400 (EDT)
From: Network Coordinator
To: questions@FreeBSD.org
Subject: IPFW - Docs?/Questions?
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: questions-owner@FreeBSD.org
Precedence: bulk

I have been tinkering with IPFW as of late, noticing that occasionally
someone out there tries to ping -f a system or two over here.

What I would ideally like to do is deny all icmp packets from the world
as a general rule, but allow them from particular networks or hosts.

For example

    ipfw addf deny icmp from 255.255.255.255/32 to 198.69.44.1
    ipfw addf log icmp from 128.220.59.78/24 to 198.69.44.1

are both accepted commands and such. ipfw even reports the first as
being a deny from 255.255.255.255:255.255.255.255 yet it does not work.
When I specify particular class B addresses [/24] there is no problem,
and everything works great. I do not want to change the world-policy to
deny because that would also deny tcp and udp connects which I would
prefer not to do.

Any ideas on how to go about this?

Thanks,
-Jerry.
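
Added example, not part of the original message and not ipfw's own code: a small Python model of address/mask rule matching, run over the two rules quoted above. It shows why a /32 source of 255.255.255.255 covers exactly one address while 0.0.0.0/0 covers every source. The first-match rule order, the "accept" action for the trusted network, the default-accept policy and the sample source addresses are assumptions of this model.

```python
import ipaddress

def parse_net(spec):
    """Parse 'addr/bits'; host bits are masked off, as a firewall mask does."""
    return ipaddress.ip_network(spec, strict=False)

def rule(action, proto, src, dst):
    return {"action": action, "proto": proto,
            "src": parse_net(src), "dst": parse_net(dst)}

def matches(r, proto, src, dst):
    """A rule matches when the protocol is equal and both packet addresses
    fall inside the rule's masked source and destination networks."""
    return (r["proto"] == proto
            and ipaddress.ip_address(src) in r["src"]
            and ipaddress.ip_address(dst) in r["dst"])

def decide(rules, proto, src, dst, default="accept"):
    """Assumed model: first matching rule wins, otherwise the default policy
    (kept at accept so tcp and udp are untouched)."""
    for r in rules:
        if matches(r, proto, src, dst):
            return r["action"]
    return default

HOST = "198.69.44.1"

# The deny rule as quoted in the message: /32 means "this one address only".
AS_POSTED = [rule("deny", "icmp", "255.255.255.255/32", HOST + "/32")]

# Same intent with a zero-length mask for "the world" (0.0.0.0/0),
# preceded by the exception for the trusted network.
INTENDED = [
    rule("accept", "icmp", "128.220.59.78/24", HOST + "/32"),
    rule("deny", "icmp", "0.0.0.0/0", HOST + "/32"),
]

# Constructed sample packets: (protocol, source address).
SAMPLES = [("icmp", "128.220.59.10"), ("icmp", "203.0.113.7"),
           ("tcp", "203.0.113.7")]

def evaluate(rules):
    return [decide(rules, proto, src, HOST) for proto, src in SAMPLES]

if __name__ == "__main__":
    print("sources covered by 255.255.255.255/32:",
          parse_net("255.255.255.255/32").num_addresses)
    print("128.220.59.78/24 is the network", parse_net("128.220.59.78/24"))
    for name, rules in (("as posted", AS_POSTED), ("intended", INTENDED)):
        for (proto, src), verdict in zip(SAMPLES, evaluate(rules)):
            print(f"{name:10} {proto:4} from {src:15} -> {verdict}")
```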