From owner-freebsd-questions Mon Jan 4 14:20:31 1999 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id OAA13554 for freebsd-questions-outgoing; Mon, 4 Jan 1999 14:20:31 -0800 (PST) (envelope-from owner-freebsd-questions@FreeBSD.ORG) Received: from guru.phone.net (guru.phone.net [209.157.82.120]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id OAA13547 for ; Mon, 4 Jan 1999 14:20:28 -0800 (PST) (envelope-from mwm@phone.net) Received: (qmail 25019 invoked by uid 100); 4 Jan 1999 22:19:59 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 4 Jan 1999 22:19:59 -0000 Date: Mon, 4 Jan 1999 14:19:59 -0800 (PST) From: Mike Meyer To: Stuart Henderson cc: freebsd-questions@FreeBSD.ORG Subject: Re: Can ipfw filter only certain codes within an icmp type? In-Reply-To: <3690D4C1.B37FE486@eclipse.net.uk> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I don't believe so. On the other hand, given that getting traceroute to work requires a very open attitude towards outbound TCP, why not just let all the ICMP_UNREACH message types through? Date: Mon, 04 Jan 1999 14:48:33 +0000 > From: Stuart Henderson > To: freebsd-questions@FreeBSD.ORG > Subject: Can ipfw filter only certain codes within an icmp type? > > I'm trying to configure an ipfw to filter most > ICMP_UNREACH (icmptype 3) messages but allow > ICMP_UNREACH_PORT (type=3,code=3) through (so > that traceroute still works). Is this possible > without local patches? > > Thanks in advance, > Stuart > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message