From: Sten Daniel Sørsdal
Date: Fri, 1 Aug 2003 16:44:13 +0200
Subject: Suggestion regarding a new option for IPFW2
Message-ID: <0AF1BBDF1218F14E9B4CCE414744E70F07DEFE@exchange.wanglobal.net>
List-Id: IPFW Technical Discussions

I have a humble suggestion for an IPFW2 option: the option to send
ICMP error messages/TCP resets with src being the original
destination of the offending packet.

I realize after looking at the src's that this might require a
separate icmp_error() - please correct me if I'm wrong!

The intent is to "disguise" the source of the error message for
forwarding firewalls protecting servers. I'm thinking of a function
like the one that is found in ipfilter.

Is this an option the community would appreciate?
Any thoughts and suggestions appreciated.

--
Sten
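The behaviour proposed in this message, as an added example that is not part of the original post and is not ipfw or ipfilter code: it builds an ICMP port-unreachable reply for a dropped packet, once with the firewall's own address as source and once with the offending packet's original destination. The helper name `build_unreach`, the `as_dest` flag and all addresses are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 1071 Internet checksum. */
static uint16_t cksum(const uint8_t *p, size_t len) {
    uint32_t sum = 0;
    for (; len > 1; p += 2, len -= 2) sum += (uint32_t)p[0] << 8 | p[1];
    if (len) sum += (uint32_t)p[0] << 8;
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Hypothetical helper: build an ICMP port-unreachable for the offending IPv4
 * packet pkt. as_dest != 0 uses the packet's original destination as source
 * (the proposed option); as_dest == 0 uses fw_addr, the firewall's own address.
 * out needs 96 bytes. Returns the reply length, or 0 if pkt is malformed. */
size_t build_unreach(const uint8_t *pkt, size_t plen, const uint8_t fw_addr[4],
                     int as_dest, uint8_t *out) {
    if (plen < 20 || (pkt[0] >> 4) != 4) return 0;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || plen < ihl) return 0;
    size_t quote = plen < ihl + 8 ? plen : ihl + 8; /* RFC 792: IP header + 8 bytes */
    size_t total = 20 + 8 + quote;
    memset(out, 0, 28);
    out[0] = 0x45;                                   /* IPv4, 20-byte header */
    out[2] = (uint8_t)(total >> 8); out[3] = (uint8_t)total;
    out[8] = 64; out[9] = 1;                         /* TTL, protocol = ICMP */
    memcpy(out + 12, as_dest ? pkt + 16 : fw_addr, 4); /* source address */
    memcpy(out + 16, pkt + 12, 4);                   /* back to the sender */
    uint16_t c = cksum(out, 20);
    out[10] = (uint8_t)(c >> 8); out[11] = (uint8_t)c;
    out[20] = 3; out[21] = 3;                        /* dest unreachable / port */
    memcpy(out + 28, pkt, quote);                    /* quoted offending packet */
    c = cksum(out + 20, 8 + quote);
    out[22] = (uint8_t)(c >> 8); out[23] = (uint8_t)c;
    return total;
}

/* Constructed sample: UDP 198.51.100.7:49152 -> 192.0.2.10:161, no payload. */
static const uint8_t SAMPLE[28] = {
    0x45,0x00,0x00,0x1c, 0x00,0x01,0x00,0x00, 0x40,0x11,0x8e,0x8b,
    198,51,100,7, 192,0,2,10, 0xc0,0x00,0x00,0xa1, 0x00,0x08,0x00,0x00 };
static const uint8_t FW[4] = {203,0,113,1};         /* constructed firewall address */

int main(void) {
    uint8_t out[96];
    for (int d = 0; d < 2; d++) {
        size_t n = build_unreach(SAMPLE, sizeof SAMPLE, FW, d, out);
        printf("as_dest=%d len=%zu src=%u.%u.%u.%u\n", d, n, out[12], out[13], out[14], out[15]);
    }
    return 0;
}
```

The quoted offending header inside the ICMP payload is identical in both cases; only the outer source address changes, which is the field the sender sees as the origin of the error.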