From owner-freebsd-questions  Mon Jul 21 11:35:16 1997
Return-Path: <owner-freebsd-questions>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id LAA01670
          for questions-outgoing; Mon, 21 Jul 1997 11:35:16 -0700 (PDT)
Received: from granite.sentex.net (granite.sentex.ca [199.212.134.1])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id LAA01649;
          Mon, 21 Jul 1997 11:35:10 -0700 (PDT)
Received: (from mdtancsa@localhost) by granite.sentex.net (8.8.5/8.6.9) id OAA29815; Mon, 21 Jul 1997 14:43:48 -0400 (EDT)
From: Mike D Tancsa <mdtancsa@sentex.net>
Message-Id: <199707211843.OAA29815@granite.sentex.net>
Subject: preventing ICMP echo requests to the broadcast address
To: questions@freebsd.org, hackers@freebsd.org
Date: Mon, 21 Jul 1997 14:43:45 -0400 (EDT)
X-Mailer: ELM [version 2.4ME+ PL31 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk


Is there any easy way to always prevent someone from pinging the
broadcast addresses on my networks other than explicitly filtering
them using ipfw ?  

Also, while on the topic of ipfw, does anyone know how much processor
overhead ipfw adds to the system ?  I suppose the more rules one
adds the worse it gets.  But does anyone have a reasonable guestimate ?

Thanks,

	---Mike