From owner-freebsd-chat Fri May 7 9:23:54 1999
Delivered-To: freebsd-chat@freebsd.org
Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31])
    by hub.freebsd.org (Postfix) with ESMTP id EBC2014E59
    for ; Fri, 7 May 1999 09:23:49 -0700 (PDT)
    (envelope-from des@flood.ping.uio.no)
Received: (from des@localhost)
    by flood.ping.uio.no (8.9.3/8.9.1) id SAA08973;
    Fri, 7 May 1999 18:23:40 +0200 (CEST)
    (envelope-from des)
To: Pat Lynch
Cc: Doug White , Fadi Sodah , freebsd-chat@freebsd.org
Subject: Re: ICMP-attack
References:
From: Dag-Erling Smorgrav
Date: 07 May 1999 18:23:39 +0200
In-Reply-To: Pat Lynch's message of "Tue, 4 May 1999 18:48:32 -0400 (EDT)"
Message-ID:
Lines: 13
X-Mailer: Gnus v5.5/Emacs 19.34
Sender: owner-freebsd-chat@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Pat Lynch writes:
> true, I found out to my chagrin that MTU discovery didn't work and
> was causing problems when I blocked all icmp. Most people miss the point
> of icmp, it's not just for ping or traceroute.

  ipfw add pass icmp from any to any icmptype 3,11
  ipfw add deny icmp from any to any

3 is Unreachable and 11 is Time Exceeded. That's all you need.

DES
--
Dag-Erling Smorgrav - des@flood.ping.uio.no

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-chat" in the body of the message
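
Added example (not part of the original message): a simplified Python model of first-match rule evaluation, comparing a block-all-ICMP policy with the two ipfw rules quoted above. The packets, addresses and function names are constructed for illustration; type 3 code 4 is the "fragmentation needed" message that Path MTU discovery relies on.

```python
import struct

# Added illustration: a simplified model of ipfw first-match evaluation.
# Each rule is (action, set of ICMP types, or None meaning "any ICMP").
BLOCK_ALL = [("deny", None)]
DES_RULES = [("pass", {3, 11}),  # ipfw add pass icmp from any to any icmptype 3,11
             ("deny", None)]     # ipfw add deny icmp from any to any

def make_icmp_packet(icmp_type, code, ihl_words=5):
    """Build a constructed IPv4+ICMP packet (checksums left at zero)."""
    options = b"\x00" * (4 * (ihl_words - 5))
    icmp = struct.pack("!BBHI", icmp_type, code, 0, 0)
    total = 4 * ihl_words + len(icmp)
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl_words, 0, total, 0, 0,
                     64, 1, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return ip + options + icmp

def icmp_type_code(packet):
    """Return (type, code) for an IPv4 ICMP packet, or None otherwise."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4          # header length varies with IP options
    if ihl < 20 or packet[9] != 1 or len(packet) < ihl + 2:
        return None
    return packet[ihl], packet[ihl + 1]

def verdict(rules, packet):
    """First matching rule wins; non-ICMP traffic is out of scope here."""
    tc = icmp_type_code(packet)
    if tc is None:
        return "not-icmp"
    for action, types in rules:
        if types is None or tc[0] in types:
            return action
    return "no-match"

# Constructed sample packets (documentation addresses, not captured traffic).
SAMPLES = {
    "frag-needed (3/4, PMTU discovery)": make_icmp_packet(3, 4),
    "time-exceeded (11/0)": make_icmp_packet(11, 0, ihl_words=6),
    "echo-request (8/0)": make_icmp_packet(8, 0),
}

def compare():
    """Map each sample to (block-all verdict, types-3,11 verdict)."""
    return {name: (verdict(BLOCK_ALL, p), verdict(DES_RULES, p))
            for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, (blocked, des) in compare().items():
        print(f"{name:36} block-all={blocked:5} types-3,11={des}")
```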