Date: Wed, 27 May 1998 00:25:30 -0500 From: "J.A. Terranson" <sysadmin@mfn.org> To: "'William Woods'" <wwoods@cybcon.com> Cc: FreeBSD Questions <freebsd-questions@FreeBSD.ORG> Subject: RE: firewall question... Message-ID: <01BD8905.F5465170@w3svcs.mfn.org>
next in thread | raw e-mail | index | archive | help
[=] That's what I suspected. Instead of rejecting *all* ICMP packets, why not keep it to the ones that are causing you problems... ipfw add 100 deny icmp from any to <your network>:<netmask> icmptype 8 this will disable ping packets only, and leave other ICMP functions intact. J.A. Terranson sysadmin@mfn.org OK, my theory behind this was blocking ping floods.....is this a legit way to stop em or not then.... J.A. Terranson wrote: > > ipfw add 100 deny icmp from any to any > > Note that this is NOT a good idea! Please choose the packets you > block very carefully, as some of them are actually needed! Simple > echo requests are no big deal to block, but things like redirects > and unavailables do you a favor! > > J.A. Terranson > sysadmin@mfn.org > > -----Original Message----- > From: William Woods [SMTP:wwoods@cybcon.com] > Sent: Tuesday, May 26, 1998 9:02 PM > To: FreeBSD Questions > Subject: firewall question... > > What would be the firewall rule to stop all incomming ICMP packets from > all? > > Bill > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?01BD8905.F5465170>