From owner-freebsd-hackers  Wed Feb  7  7:46:54 2001
Delivered-To: freebsd-hackers@freebsd.org
Received: from whizzo.transsys.com (whizzo.TransSys.COM [144.202.42.10])
	by hub.freebsd.org (Postfix) with ESMTP id 4784537B491
	for <freebsd-hackers@FreeBSD.ORG>; Wed,  7 Feb 2001 07:46:37 -0800 (PST)
Received: from whizzo.transsys.com (localhost.transsys.com [127.0.0.1])
	by whizzo.transsys.com (8.11.1/8.11.0) with ESMTP id f17FkU888386;
	Wed, 7 Feb 2001 10:46:30 -0500 (EST)
	(envelope-from louie@whizzo.transsys.com)
Message-Id: <200102071546.f17FkU888386@whizzo.transsys.com>
X-Mailer: exmh version 2.3.1 01/18/2001 with nmh-1.0.4
To: Nick Rogness <nick@rapidnet.com>
Cc: milunovic <milunovic@sendmail.ru>, freebsd-hackers@FreeBSD.ORG
X-Image-URL: http://www.transsys.com/louie/images/louie-mail.jpg
From: "Louis A. Mamakos" <louie@TransSys.COM>
Subject: Re: echo request deny 
References: <Pine.BSF.4.21.0102061216050.51787-100000@rapidnet.com> 
In-reply-to: Your message of "Tue, 06 Feb 2001 12:23:27 MST."
             <Pine.BSF.4.21.0102061216050.51787-100000@rapidnet.com> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Wed, 07 Feb 2001 10:46:30 -0500
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> On Tue, 6 Feb 2001, milunovic wrote:
> 
> > Is there anyway to deny echo request on FreeBSD (except ipfw add deny
> > icmp from any to any) ?
> > On Linux It was simple,just echo 1>/proc/.../icmp_echo_request
> 
> 	If you just want to block echo_requests and don't want to
> 	block any other ICMP why not use ipfw?
> 
> 	ipfw add 1000 deny icmp from any to any in via xl0 icmptypes 8
> 
> 	This will still allow other icmp to work...so why not use it?

Yes, indeed.  Just blocking all of ICMP will cause things like Path MTU
discovery to fail.

louie


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message