Date: Wed, 1 Sep 2004 20:37:52 -0700 (PDT) From: Dave <mudman@metafocus.net> To: freebsd-security@freebsd.org Subject: IPFW and icmp Message-ID: <20040901203202.U31170@metafocus.net>
next in thread | raw e-mail | index | archive | help
I'm not a master of the internet RFCs, but I do believe icmp messages have different types. Now to enable traceroute for IPFW, I might put in a rule like this: ipfw add pass icmp from any to me However, how would I make a rule to limit icmp messages to just those used by traceroute? Can the messages be distinguished as such? A dynamic rule that exists only for the duration of a traceroute execution would be even better. I take it 'setup' or 'check-state' would follow in that case?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040901203202.U31170>