From owner-freebsd-questions  Sat Jan 22  6:45:49 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from mx2.x-treme.gr (mx2.x-treme.gr [212.120.192.15])
	by hub.freebsd.org (Postfix) with ESMTP id 903CE14C95
	for <freebsd-questions@FreeBSD.ORG>; Sat, 22 Jan 2000 06:45:44 -0800 (PST)
	(envelope-from keramida@diogenis.ceid.upatras.gr)
Received: from hades.hell.gr (pat38.x-treme.gr [212.120.197.230])
	by mx2.x-treme.gr (8.9.3/8.9.3/IPNG-ADV-ANTISPAM-0.1) with ESMTP id QAA13197;
	Sat, 22 Jan 2000 16:45:39 +0200
Received: (from charon@localhost)
	by hades.hell.gr (8.9.3/8.9.3) id PAA28630;
	Sat, 22 Jan 2000 15:59:55 +0200 (EET)
	(envelope-from keramida@diogenis.ceid.upatras.gr)
Date: Sat, 22 Jan 2000 15:59:54 +0200
From: Giorgos Keramidas <charon@hades.hell.gr>
To: "David V. D." <cellule@videotron.ca>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: blocking icmp?
Message-ID: <20000122155954.A28578@hades.hell.gr>
Reply-To: keramida@ceid.upatras.gr
References: <Pine.BSF.4.10.10001210425440.1316-100000@sekel.montain.dhs.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0pre3i
In-Reply-To: <Pine.BSF.4.10.10001210425440.1316-100000@sekel.montain.dhs.org>
X-PGP-Fingerprint: 62 45 D1 C9 26 F9 95 06  D6 21 2A C8 8C 16 C0 8E
X-Phone-Number: +30-94-6203692, +30-93-2886457
X-Address: Theodorou Kirinaiou 61, 26334 Patra, Greece
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Fri, Jan 21, 2000 at 04:26:08AM -0500, David V. D. wrote:
>
> I have a question about freebsd firewall, how can I set it to block (no
> reply) icmp. I'm using FreeBSD 3.4-20000112-STABLE.

If you want to stop only the outgoing icmp messages, and your interface to
the world is ppp0, you can use:

    ipfw add NUM deny icmp from any to any out xmit ppp0

Change NUM accordingly, and replace `ppp0' with the interface of your default
route.  If you have more than one interfaces, you can add more rules for them
like the one shown above, i.e.

    ipfw add NUM deny icmp from any to any out xmit ed0
    ipfw add NUM deny icmp from any to any out xmit tun0

You get the point by now...

-- 
Giorgos Keramidas, < keramida @ ceid . upatras . gr >
"Don't let your schooling interfere with your education." [Mark Twain]


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message