From owner-freebsd-questions Tue May 26 22:28:20 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id WAA29144 for freebsd-questions-outgoing; Tue, 26 May 1998 22:28:20 -0700 (PDT) (envelope-from owner-freebsd-questions@FreeBSD.ORG) Received: from dc1.mfn.org (dc1.mfn.org [204.238.179.1]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id WAA29028 for ; Tue, 26 May 1998 22:27:51 -0700 (PDT) (envelope-from sysadmin@mfn.org) Received: from w3svcs.mfn.org (unverified [204.238.179.11]) by mail.mfn.org (EMWAC SMTPRS 0.83) with SMTP id ; Wed, 27 May 1998 00:28:07 -0500 Received: by w3svcs.mfn.org with Microsoft Mail id <01BD8905.F5465170@w3svcs.mfn.org>; Wed, 27 May 1998 00:25:31 -0500 Message-ID: <01BD8905.F5465170@w3svcs.mfn.org> From: "J.A. Terranson" To: "'William Woods'" Cc: FreeBSD Questions Subject: RE: firewall question... Date: Wed, 27 May 1998 00:25:30 -0500 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG [=] That's what I suspected. Instead of rejecting *all* ICMP packets, why not keep it to the ones that are causing you problems... ipfw add 100 deny icmp from any to : icmptype 8 this will disable ping packets only, and leave other ICMP functions intact. J.A. Terranson sysadmin@mfn.org OK, my theory behind this was blocking ping floods.....is this a legit way to stop em or not then.... J.A. Terranson wrote: > > ipfw add 100 deny icmp from any to any > > Note that this is NOT a good idea! Please choose the packets you > block very carefully, as some of them are actually needed! Simple > echo requests are no big deal to block, but things like redirects > and unavailables do you a favor! > > J.A. Terranson > sysadmin@mfn.org > > -----Original Message----- > From: William Woods [SMTP:wwoods@cybcon.com] > Sent: Tuesday, May 26, 1998 9:02 PM > To: FreeBSD Questions > Subject: firewall question... > > What would be the firewall rule to stop all incomming ICMP packets from > all? > > Bill > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message