Date: Mon, 21 Aug 2000 18:03:51 -0400
From: Bill Fumerola
To: William Wong
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: icmptypes
Message-ID: <20000821180351.H57333@jade.chc-chimes.com>
In-Reply-To: <006301c00bbb$13b9afa0$0300a8c0@anime.ca>

On Mon, Aug 21, 2000 at 05:59:26PM -0400, William Wong wrote:

> I tried to "reset icmp" and it said that reset is only valid for tcp
> packets. Would the polite way be to use some sort of "unreach" code?

That's what I get for not reading your entire message...

instead of deny use 'unreach ICMPCODE'

example from memory:

    # ipfw add unreach filter-prohib icmp from any to any icmptypes 0,8

--
Bill Fumerola - Network Architect, BOFH / Chimes, Inc.
billf@chimesnet.com / billf@FreeBSD.org
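
Added example, not part of the original message and not ipfw's own code: a Python model of what the rule above puts on the wire. It builds the ICMP "destination unreachable" message (type 3, code 13, the code ipfw names filter-prohib) for a packet matching icmptypes 0,8, where deny would send nothing. The function names and the sample addresses (documentation ranges) are constructed for illustration.

```python
import socket
import struct

ICMP_ECHO_REPLY, ICMP_ECHO_REQUEST = 0, 8   # the types matched by "icmptypes 0,8"
ICMP_UNREACH = 3                            # destination unreachable
ICMP_UNREACH_FILTER_PROHIB = 13             # code selected by "filter-prohib"


def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo_request(src, dst, ident, seq, payload):
    """Constructed sample input: an IPv4 packet carrying an ICMP echo request."""
    icmp = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, ident, seq) + payload
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:] + icmp


def rule_unreach_filter_prohib(packet: bytes):
    """Model of the rule: None when the packet does not match, otherwise the
    ICMP message (without outer IP header) returned to the packet's source."""
    ihl = (packet[0] & 0x0F) * 4                       # IP header length in bytes
    if packet[9] != 1:                                 # protocol field: not ICMP
        return None
    if packet[ihl] not in (ICMP_ECHO_REPLY, ICMP_ECHO_REQUEST):
        return None                                    # other ICMP types fall through
    quoted = packet[:ihl + 8]   # RFC 792: original IP header + first 64 bits of data
    msg = struct.pack("!BBHI", ICMP_UNREACH, ICMP_UNREACH_FILTER_PROHIB, 0, 0) + quoted
    return msg[:2] + struct.pack("!H", inet_checksum(msg)) + msg[4:]


if __name__ == "__main__":
    ping = build_echo_request("192.0.2.10", "198.51.100.1", 0x1234, 1, b"ping")
    answer = rule_unreach_filter_prohib(ping)
    print("type=%d code=%d quoted=%s" % (answer[0], answer[1], answer[8:].hex()))
```

The quoted header and first 8 bytes of the dropped packet are what let the sender match the error to its own echo request.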