From owner-freebsd-security Mon Aug 21 4:59:49 2000
Delivered-To: freebsd-security@freebsd.org
Received: from smtp2.port.ru (mx2.port.ru [194.67.23.33])
    by hub.freebsd.org (Postfix) with ESMTP id B589B37B424
    for ; Mon, 21 Aug 2000 04:59:46 -0700 (PDT)
Received: from [212.96.98.32] (helo=[212.96.98.32])
    by smtp2.port.ru with esmtp (Exim 3.14 #44)
    id 13QqEs-000Nzc-00; Mon, 21 Aug 2000 15:59:41 +0400
Date: Mon, 21 Aug 2000 15:59:35 +0400 (MSD)
From: Jaroshenko Serge
X-Sender: jaroshenko@freebsd.merlin.ru
To: Mipam
Cc: William Wong , freebsd-security@FreeBSD.ORG
Subject: Re: icmptypes
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, 21 Aug 2000, Mipam wrote:

> On Mon, 21 Aug 2000, Jaroshenko Serge wrote:
>
> >
> > Hi!
> > read www.obfuscation.org/ipf/ipf-howto.txt .
> >
> > By this doc:
> >
> > icmp-type 0
> > icmp-type 3
> > icmp-type 8
> > icmp-type 11
> >
>
> Okay, however, why not block in all icmp and let yourself be able to ping
> to the outside.

Okay, if you don't need traceroute or icmp destination-unreachable - block in
all proto icmp, but in this case your browser (or ftp client) will wait a long
time for a response from an unreachable destination!

> With state keeping you'll receive the replies.

Try it!

> Unless of course you wish ppl to ping you initially?
> Bye,
>
> Mipam.
>
>
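
The two inbound ICMP policies discussed in this thread, compared in a small Python model (an added example, not part of the original messages and not ipf's own implementation). Addresses and echo identifiers are constructed; the stateful model tracks only echo request/reply pairs and does not model a filter relating ICMP errors to other kept state.

```python
from dataclasses import dataclass

# ICMP types named in the thread: 0 echo reply, 3 destination unreachable,
# 8 echo request, 11 time exceeded.
ALLOWED_TYPES = {0, 3, 8, 11}
ECHO_REPLY, ECHO_REQUEST = 0, 8

@dataclass(frozen=True)
class Icmp:
    src: str
    dst: str
    type: int
    ident: int = 0   # echo identifier; only meaningful for types 0 and 8

def type_list_policy(pkt):
    """Policy 1: pass inbound ICMP purely by type, with no state."""
    return pkt.type in ALLOWED_TYPES

class StatefulPolicy:
    """Policy 2: block all inbound ICMP, keep state on outbound echo requests."""
    def __init__(self):
        self.state = set()

    def outbound(self, pkt):
        if pkt.type == ECHO_REQUEST:
            # Remember who we pinged and with which identifier.
            self.state.add((pkt.src, pkt.dst, pkt.ident))
        return True

    def inbound(self, pkt):
        # Only an echo reply that mirrors a recorded request gets in.
        return (pkt.type == ECHO_REPLY
                and (pkt.dst, pkt.src, pkt.ident) in self.state)

def compare():
    """Return {label: (type_list_verdict, stateful_verdict)} for constructed packets."""
    fw = StatefulPolicy()
    fw.outbound(Icmp("10.0.0.2", "192.0.2.7", ECHO_REQUEST, ident=77))
    inbound = {
        "reply to our ping":       Icmp("192.0.2.7", "10.0.0.2", ECHO_REPLY, 77),
        "unsolicited echo reply":  Icmp("198.51.100.9", "10.0.0.2", ECHO_REPLY, 5),
        "ping from outside":       Icmp("198.51.100.9", "10.0.0.2", ECHO_REQUEST, 1),
        "destination unreachable": Icmp("192.0.2.1", "10.0.0.2", 3),
        "time exceeded":           Icmp("192.0.2.1", "10.0.0.2", 11),
        "redirect (type 5)":       Icmp("192.0.2.1", "10.0.0.2", 5),
    }
    return {k: (type_list_policy(p), fw.inbound(p)) for k, p in inbound.items()}

if __name__ == "__main__":
    for label, (by_type, stateful) in compare().items():
        print(f"{label:24} type-list={'pass' if by_type else 'block'}"
              f"  stateful={'pass' if stateful else 'block'}")
```

The type list admits echo replies and echo requests nobody asked for, while the echo-only stateful model drops the destination-unreachable and time-exceeded messages that the reply above says clients and traceroute depend on.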