From owner-freebsd-security Mon Aug 21 18:29:44 2000 Delivered-To: freebsd-security@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 42C6A37B43C for ; Mon, 21 Aug 2000 18:29:42 -0700 (PDT) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id TAA56073; Mon, 21 Aug 2000 19:29:41 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id TAA43045; Mon, 21 Aug 2000 19:28:36 -0600 (MDT) Message-Id: <200008220128.TAA43045@harmony.village.org> To: "William Wong" Subject: Re: icmptypes Cc: freebsd-security@FreeBSD.ORG In-reply-to: Your message of "Mon, 21 Aug 2000 17:34:25 EDT." <003c01c00bb7$94783340$0300a8c0@anime.ca> References: <003c01c00bb7$94783340$0300a8c0@anime.ca> <007701c00b4f$9c905340$4c9409cb@labyrinth.net.au> Date: Mon, 21 Aug 2000 19:28:36 -0600 From: Warner Losh Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <003c01c00bb7$94783340$0300a8c0@anime.ca> "William Wong" writes: : Thanks for the responses. I've got a somewhat follow up question. : Instead of just dropping an icmp packet with say ipfw's deny rule, is there : a "polite" way to deny the packet. To clarify, I want to send an equivalent : of a "tcp reset" back, to let them know it's closed. Or is there no such : thing as this for the icmp protocol? I'm not that familiar with this : protocol as you can see. For ICMP packets, drop them on the floor, but make sure that you have the path mtu types enabled. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message