Date: Sun, 3 Jan 1999 18:00:13 -0800 (PST)
From: Mike Meyer
To: freebsd-questions@FreeBSD.ORG
Subject: Re: IPFW Question
In-Reply-To: <368FD872.C6D876A5@email.dk>

> I ran into a problem trying to do the following: I want, using the IPFW,
> to disable my echo service. This works via icmp so the following line
> disables it totally:

Assuming you just want to reject echo (and are allowing everything else), then you should note that echo is 8, not 7. So the line should be (for 3.0-RELEASE; if you're running an earlier version, it might be different):

    ipfw add 1 reject icmp from any to 212.242.22./24 icmptypes 8

This works (well, with my ip addresses in it) for me - the remote host gets "host unreachable" messages.

But it's better to work firewalls the other way - deny everything, and then allow the ones you need to let through. So you really want something like:

    ipfw add 10 allow icmp from any to 212.242.22./24 icmptypes 0,3,11,12,13,14,15,16,17,18
    ipfw add 20 allow icmp from 212.242.22./24 to any
    ipfw add 30 deny icmp from any to any

I allowed the inbound set I normally allow, minus echo. You may want to change that. I also allow arbitrary outbound icmp, which you might also want to change.
But the above is better than denying 8 and allowing everything else!
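
The two rule sets in the message above, modelled as first-match evaluation so their effect on inbound ICMP can be compared. This is an added example, not part of the original message. It assumes the placeholder network 192.0.2.0/24 (the address in the message is elided), constructed host addresses, and a final allow rule standing in for "allowing everything else".

```python
import ipaddress

# Placeholder network: the address in the message is elided, so a
# documentation range (192.0.2.0/24) stands in for it here.
LOCAL = ipaddress.ip_network("192.0.2.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

# (rule number, action, source net, destination net, icmptypes or None for all)
ALLOWLIST = [
    (10, "allow", ANY, LOCAL, {0, 3, 11, 12, 13, 14, 15, 16, 17, 18}),
    (20, "allow", LOCAL, ANY, None),
    (30, "deny", ANY, ANY, None),
]
# The single-rule approach: reject type 8, everything else passes.
# Rule 65535 here is an assumption modelling "allowing everything else".
DENYLIST = [
    (1, "reject", ANY, LOCAL, {8}),
    (65535, "allow", ANY, ANY, None),
]

def evaluate(rules, src, dst, icmp_type):
    """Return (rule number, action) of the first matching rule, in number order."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for number, action, src_net, dst_net, types in sorted(rules, key=lambda r: r[0]):
        if src in src_net and dst in dst_net and (types is None or icmp_type in types):
            return number, action
    return None, "deny"  # nothing matched: treated as dropped in this model

def inbound_allowed(rules, types=range(0, 19)):
    """ICMP types that reach a local host from a remote one (constructed addresses)."""
    return [t for t in types
            if evaluate(rules, "198.51.100.7", "192.0.2.10", t)[1] == "allow"]

if __name__ == "__main__":
    print("allowlist inbound:", inbound_allowed(ALLOWLIST))
    print("denylist inbound: ", inbound_allowed(DENYLIST))
    print("outbound echo:    ", evaluate(ALLOWLIST, "192.0.2.10", "198.51.100.7", 8))
```

Both rule sets stop inbound echo requests, but the single reject rule still passes every other inbound type, while the allow-then-deny set passes only the types listed in rule 10.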