Date: Mon, 24 Jul 2000 23:31:30 -0700
From: Kent Stewart <kstewart@urx.com>
To: "Dan O'Connor" <dan@mostgraveconcern.com>
Cc: Sam Carleton <scarleton@miltonstreet.com>, FreeBSD Questions <freebsd-questions@FreeBSD.ORG>
Subject: Re: allowing pings out from my firewall
Message-ID: <397D3442.BE61F6FC@urx.com>
References: <001a01bff600$29d01980$029b140a@danco>

Dan O'Connor wrote:
>
> >See the "Setting-up a Dual-Homed Host..." at
> >http://www.mostgraveconcern.com/freebsd/. He has an example of
> >allowing ping and another for setting up traceroute. The traceroute
> >only permits 30 hops.
>
> Over the past few days, I've been working on optimizing the rules shown on
> my cheat sheet. They should work a little more efficiently now...
>
> Rules are now included for allowing outgoing pings, but denying incoming
> pings; and the traceroute rule includes all 90 traceroute ports.
>
> BTW, the direct route to the Dual-Homed Host page is
> http://www.mostgraveconcern.com/freebsd/sheet.cgi?ipfw

You should have seen the first one I passed on. It was the cdrw. I
don't know how it popped up in the address line. I got a "what does
that have to do with firewalls back" and I did a real double take.
Too late to do anything but grin :).

>
> Let me know if you have any problems...

Well, I am having slight problems and I'm going down to the basement
where that computer is to work on it. I think I need some extra stuff
but I'm not sure what. I'll look up your new changes and see what
they do for me.

I had some activity come in from a 61.x.x.x and a 202.x.x.x on port
23 that I tried to traceroute and it went to la-la land. Since there
was no reason for them coming in on port 23 I just did a deny all for
that network. I also have a bunch of udp 121's that I log to 100 and
stop logging. I think about denying them and try to log others doing
the same thing but there are higher priorities. I also have a few
NETBEUI packets. Other than that, the DSL is pretty quiet. Tcpdump, on
the other hand, sees everything and is active at times :).

Kent

>
> --Dan
>
> --
> Dan O'Connor
> On Matters of Most Grave Concern
> http://www.mostgraveconcern.com
> FreeBSD Cheat Sheets
> http://www.mostgraveconcern.com/freebsd/

--
Kent Stewart
Richland, WA

mailto:kbstew99@hotmail.com
http://kstewart.urx.com/kstewart/index.html
FreeBSD News http://daily.daemonnews.org/

Bomber dropping fire retardant in front of Hanford Wild fire.
http://kstewart.urx.com/kstewart/bomber.jpg

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message