From owner-freebsd-security  Tue Jun 27  6:51:21 2000
Delivered-To: freebsd-security@freebsd.org
Received: from relay1.inwind.it (relay1.inwind.it [212.141.53.67])
	by hub.freebsd.org (Postfix) with ESMTP id 66BCF37BB1B
	for <freebsd-security@FreeBSD.ORG>; Tue, 27 Jun 2000 06:51:09 -0700 (PDT)
	(envelope-from bartequi@inwind.it)
Received: from bartequi.ottodomain.org (212.141.78.7) by relay1.inwind.it; 27 Jun 2000 15:51:06 +0200
From: Salvo Bartolotta <bartequi@inwind.it>
Date: Tue, 27 Jun 2000 14:53:05 GMT
Message-ID: <20000627.14530500@bartequi.ottodomain.org>
Subject: icmp type 3 code 4: a couple of questions
To: freebsd-security@FreeBSD.ORG
X-Mailer: SuperCalifragilis
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Dear FreeBSD'ers,

I am running a paranoidly closed firewall (homebox).

Just out of curiosity, is there an *ipfw* way to allow ONLY icmp type=20
3 code 4 packets (DF), dropping all other icmp packets onto the floor=20
?

The question may be academic, though; I seem to understand that=20
letting icmptypes 3 in (while letting NO icmp packets out) should=20
achieve the same (paranoid) goal. Am I missing anything ?  =20

Thanks in advance,
Salvo





To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message