Date: Fri, 19 Oct 2001 07:41:29 -0700
From: "Drew Tomlinson" <drew@mykitchentable.net>
To: "Jamie Norwood" <mistwolf@mushhaven.net>, "Colin Percival" <colin.percival@wadham.ox.ac.uk>
Cc: <freebsd-security@FreeBSD.ORG>
Subject: Re: OT: Data Packet Filters?
Message-ID: <002d01c158ac$23f34810$cd2a6ba5@lc.ca.gov>
References: <003101c1589e$061ceac0$0301a8c0@bigdaddy> <20011019091840.A15330@mushhaven.net>
----- Original Message -----
From: "Jamie Norwood" <mistwolf@mushhaven.net>
To: "Drew Tomlinson" <drew@mykitchentable.net>
Sent: Friday, October 19, 2001 6:18 AM
Subject: Re: OT: Data Packet Filters?

> On Fri, Oct 19, 2001 at 06:00:27AM -0700, Drew Tomlinson wrote:
> > I'm hoping someone on this list will share his/her knowledge with me
> > even though this is somewhat off-topic. :)
> >
> > I am trying to deny ICMP echo reply packets on my 3Com 812 ADSL
> > modem/router. It appears that the only way to do this is to write a
> > data filter. The fields I need to determine are offset (bytes - which
> > I thought was 36 for ICMP code), length (bytes - I thought 1), Masked
> > (hex - appears that FF is to match data exactly), and data (hex - I
> > thought 0x0 echo reply).
> >
> > Can anyone get me pointed in the right direction? Any help or URLs
> > will be most appreciated.
>
> Why not set up a firewall with NAT?

My network setup is like this:

              ISP
               |
               | IP is DHCP (RFC 1918 & draft-manning nets
               |             inbound blocked here)
               |
      ADSL Modem/Router (provides DNS & NAT)
               |192.168.10.1 (RFC 1918 & draft-manning nets
               |              outbound blocked here)
               |
               |192.168.10.2 (ed1)
           Firewall
               |
               |192.168.1.2 (ed0)
               |
      Internal Network 192.168.1.0/24

The modem/router forwards all traffic to the firewall but will respond
to ICMP messages on its own. Thus I need to stop unwanted ICMP traffic
at the modem/router. The modem/router will allow me to easily block
*all* ICMP traffic but from what I've read, this is not a good thing. So
the only way I can accomplish this (AFAIK) is to create a data packet
filter on the modem/router to allow packets with ICMP type (what I want)
rule first and then reject the rest.

Thanks,

Drew

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
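Added example, not part of the original message or of any 3Com documentation: how an offset/length/mask/data rule of the kind described above evaluates against an IPv4 ICMP packet, and why a fixed offset depends on where counting starts and on the IP header length. The function names, the sample packets, and the two offset bases (start of the IP header, or start of an untagged Ethernet II frame) are assumptions constructed here; the page does not state which base the 3Com 812 uses.

```python
import struct

ETH_HLEN = 14  # untagged Ethernet II header (assumption; base may differ per device)

def build_icmp_packet(icmp_type, icmp_code=0, ip_options=b""):
    """Constructed sample: IPv4 header (+ options) followed by an 8-byte ICMP header."""
    if len(ip_options) % 4:
        raise ValueError("IP options must be padded to a multiple of 4 bytes")
    ihl = 5 + len(ip_options) // 4
    icmp = struct.pack("!BBHHH", icmp_type, icmp_code, 0, 0x1234, 1)
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + len(icmp),
                     0, 0, 64, 1, 0,            # id, frag, TTL, proto=1 (ICMP), csum
                     bytes([192, 168, 10, 2]), bytes([192, 168, 10, 1]))
    return ip + ip_options + icmp

def match(packet, offset, length, mask, data):
    """Data filter rule: (packet[offset:offset+length] AND mask) == data."""
    field = packet[offset:offset + length]
    if len(field) < length:
        return False                      # truncated packet never matches
    return bytes(b & m for b, m in zip(field, mask)) == data

def icmp_type_offset(packet, base="ip"):
    """Offset of the ICMP type byte; packet starts at the IP header.
    base="frame" gives the offset as counted from the Ethernet frame start."""
    ihl_bytes = (packet[0] & 0x0F) * 4    # IP header length varies with options
    return ihl_bytes + (ETH_HLEN if base == "frame" else 0)

def is_icmp_type(packet, icmp_type):
    """Protocol byte (offset 9) must be 1 before the type byte means anything."""
    return (match(packet, 9, 1, b"\xff", b"\x01") and
            match(packet, icmp_type_offset(packet), 1, b"\xff", bytes([icmp_type])))

if __name__ == "__main__":
    for name, pkt in [("echo reply", build_icmp_packet(0)),
                      ("echo request", build_icmp_packet(8)),
                      ("echo reply + IP options",
                       build_icmp_packet(0, ip_options=b"\x01\x01\x01\x00"))]:
        print(name, "type offset:", icmp_type_offset(pkt),
              "fixed-offset-20 rule:", match(pkt, 20, 1, b"\xff", b"\x00"),
              "protocol-aware rule:", is_icmp_type(pkt, 0))
```

The third sample shows the failure mode of a single fixed-offset rule: with IP options present the byte at offset 20 belongs to the options, so the rule misses an echo reply that the protocol-aware check still catches.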