From owner-freebsd-security Thu Dec 24 01:54:16 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id BAA09612 for freebsd-security-outgoing; Thu, 24 Dec 1998 01:54:16 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from burka.rdy.com (burka.rdy.com [205.149.163.30]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id BAA09607 for ; Thu, 24 Dec 1998 01:54:15 -0800 (PST) (envelope-from dima@burka.rdy.com) Received: (from dima@localhost) by burka.rdy.com (8.9.1/RDY&DVV) id BAA19489; Thu, 24 Dec 1998 01:53:52 -0800 (PST) Message-Id: <199812240953.BAA19489@burka.rdy.com> Subject: Re: IPFW configuration question In-Reply-To: <19981224021632.D29742@numachi.com> from Brian Reichert at "Dec 24, 1998 2:16:32 am" To: reichert@numachi.com (Brian Reichert) Date: Thu, 24 Dec 1998 01:53:51 -0800 (PST) Cc: freebsd-security@FreeBSD.ORG X-Class: Fast Organization: HackerDome Reply-To: dima@best.net From: dima@best.net (Dima Ruban) X-Mailer: ELM [version 2.4ME+ PL43 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Brian Reichert writes: > > You might want ping: > > $fwcmd add allow icmp from any to any If you just want to use ping, I'd rather suggest specifying icmptypes/ > What I'm using for traceroute, which I'm not convinced is totally > correct: > > $fwcmd add allow udp from any to any 33434-33534 You might want to put: $fwcmd add allow udp from any to any 33434-33534 out to allow outgoing traceroute only. -- dima To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message