Date: Mon, 21 Aug 2000 15:16:03 -0700 (PDT)
From: "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>
To: billf@chimesnet.com (Bill Fumerola)
Cc: willwong@anime.ca (William Wong), freebsd-security@FreeBSD.ORG
Subject: Re: icmptypes
Message-ID: <200008212216.PAA31247@gndrsh.dnsmgr.net>
In-Reply-To: <20000821180351.H57333@jade.chc-chimes.com> from Bill Fumerola at "Aug 21, 2000 06:03:51 pm"

> On Mon, Aug 21, 2000 at 05:59:26PM -0400, William Wong wrote:
>
> > I tried to "reset icmp" and it said that reset is only valid for tcp
> > packets. Would the polite way be to use some sort of "unreach" code?
>
> That's what I get for not reading your entire message...
>
> instead of deny use 'unreach ICMPCODE'
>
> example from memory:
> # ipfw add unreach filter-prohib icmp from any to any icmptypes 0,8

The 8 case would be okay, but returning an icmp unreach for an icmp
echo reply would be a violation of the protocol spec. I would recommend
against it.

--
Rod Grimes - KD7CAX @ CN85sl - (RWG25) rgrimes@gndrsh.dnsmgr.net

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
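
The check below is an added example, not part of the original message or of ipfw itself: it scans ipfw rule lines and reports any `unreach` rule for protocol icmp whose `icmptypes` list includes type 0 (echo reply), the case the reply above recommends against. The function name, rule numbers and sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint ipfw rule lines for "unreach" applied to ICMP echo
# replies. Reads rule lines on stdin and prints each offending rule.
flag_unreach_on_echo_reply() {
    awk '
    {
        action = 0; proto = ""; types = ""
        for (i = 1; i <= NF; i++) {
            # "unreach <code> <proto> from ...": proto is two fields later
            if ($i == "unreach")   { action = i; proto = $(i + 2) }
            if ($i == "icmptypes") { types = $(i + 1) }
        }
        # Only icmp rules that answer with an ICMP unreachable are relevant
        if (!action || proto != "icmp" || types == "") next
        n = split(types, t, ",")
        for (j = 1; j <= n; j++)
            if (t[j] == "0") { print; next }   # type 0 = echo reply
    }'
}

# Constructed sample ruleset (arguments as they would follow "ipfw"):
# rule 1000 is the combined rule quoted in the message; 1010 and 1020 are
# the split form, unreach for echo requests and a silent deny for replies.
SAMPLE_RULES='add 1000 unreach filter-prohib icmp from any to any icmptypes 0,8
add 1010 unreach filter-prohib icmp from any to any icmptypes 8
add 1020 deny icmp from any to any icmptypes 0
add 1030 unreach port udp from any to any 33434-33523'

printf '%s\n' "$SAMPLE_RULES" | flag_unreach_on_echo_reply
```

Only rule 1000 is reported; the split form in rules 1010 and 1020 passes the check.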