Date: Sat, 3 Jul 1999 11:01:08 +1000 (EST)
From: Rowan Crowe <rowan@sensation.net.au>
To: freebsd-isp@freebsd.org
Subject: Re: ipfw - can it deny ICMP "3.2" (type 3, subtype 2)?
Message-ID: <Pine.BSF.4.01.9907031057590.17542-100000@velvet.sensation.net.au>
In-Reply-To: <Pine.BSF.3.95.990702103213.15074A-100000@current1.whistle.com>

On Fri, 2 Jul 1999, Julian Elischer wrote:

> On Fri, 10 Jun 1994, Rowan Crowe wrote:

This was due to a m/b upgrade, I forgot to reset the clock. (whoops) An
ntpdate entry in crontab took care of it within 24 hours...

> > As this is a reasonably common attack and fairly simplistic in nature I
> > thought I might be able to get ipfw to block it. However, after some head
> > scratching and reading of the man pages it seems that ipfw will not allow
> > me to block a "subtype" such as the '.2' in 3.2.
> >
> > satin# ipfw a 1 deny icmp from 1.2.3.4 to 1.2.3.4 icmptypes 3.2
> > ipfw: error: invalid ICMP type
> >
> > I can't just blanket block type 3 as that's destination unreachable, which
> > generally is a legitimate ICMP message that should be passed.
> >
> > Any ideas?
>
> a patch to /sys/netinet/ip_fw.c that implements this
> and
> /usr/src/sbin/ipfw
>
> would not be too hard for you to write if you wanted that functionality,
> and we could certainly commit it if you did..
> :-)

...except my knowledge of C, especially existing code, isn't the best. ;-)
You should see some of my own programs written from scratch, a lot of them
use my own functions written from first principles because I don't fully
understand how to pass parameters to certain standard library calls
(sockets are one of those things)

Any takers? :)

Cheers.

--
Rowan Crowe                         http://www.rowan.sensation.net.au/
Sensation Internet Services         http://www.sensation.net.au/
Melbourne, Australia                Phone: +61-3-9388-9260

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
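
An added illustration, not part of the original message and not FreeBSD's ipfw code: a standalone C sketch of the type-plus-code match the thread asks for, applied to a raw IPv4 packet. The `type.code` rule form, the struct and every function name are hypothetical, and the sample packets are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical rule form: "type" or "type.code"; code == -1 means any code. */
struct icmp_match { int type; int code; };

/* Parse "3" or "3.2". Returns 0 on success, -1 on malformed input. */
int parse_icmp_spec(const char *s, struct icmp_match *m) {
    char *end;
    long t, c = -1;
    if (s == NULL || *s < '0' || *s > '9') return -1;
    t = strtol(s, &end, 10);
    if (*end == '.') {
        if (end[1] < '0' || end[1] > '9') return -1;
        c = strtol(end + 1, &end, 10);
    }
    if (*end != '\0' || t > 255 || c > 255) return -1;
    m->type = (int)t; m->code = (int)c;
    return 0;
}

/* pkt is a raw IPv4 packet. Returns 1 if it is ICMP and matches m, else 0. */
int icmp_matches(const struct icmp_match *m, const uint8_t *pkt, size_t len) {
    size_t hl;
    if (len < 20 || (pkt[0] >> 4) != 4 || pkt[9] != 1) return 0; /* IPv4, proto 1 */
    hl = (size_t)(pkt[0] & 0x0f) * 4;      /* IHL counts 32-bit words */
    if (hl < 20 || len < hl + 2) return 0; /* need the type and code bytes */
    if ((((pkt[6] & 0x1f) << 8) | pkt[7]) != 0) return 0; /* non-first fragment */
    return pkt[hl] == m->type && (m->code < 0 || pkt[hl + 1] == m->code);
}

/* Constructed sample: minimal 28-byte IPv4+ICMP packet, checksums left zero. */
void make_sample(uint8_t pkt[28], uint8_t type, uint8_t code) {
    const uint8_t hdr[28] = { 0x45, 0, 0, 28, 0, 0, 0, 0, 64, 1 };
    size_t i;
    for (i = 0; i < 28; i++) pkt[i] = hdr[i];
    pkt[20] = type; pkt[21] = code;
}

int main(void) {
    uint8_t a[28], b[28];
    struct icmp_match m;
    make_sample(a, 3, 2); /* type 3, code 2 */
    make_sample(b, 3, 1); /* type 3, code 1 */
    if (parse_icmp_spec("3.2", &m) != 0) return 1;
    printf("3.2 vs 3/2: %d, vs 3/1: %d\n", icmp_matches(&m, a, 28), icmp_matches(&m, b, 28));
    return 0;
}
```

A rule that matches on the code byte only sees it in the first fragment, which is why later fragments are treated as non-matching here.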