From owner-freebsd-security Tue Aug 22 23:38:31 2000 Delivered-To: freebsd-security@freebsd.org Received: from jason.argos.org (a1-3e127.neo.rr.com [24.93.184.127]) by hub.freebsd.org (Postfix) with ESMTP id 437EC37B423 for ; Tue, 22 Aug 2000 23:38:16 -0700 (PDT) Received: from localhost (mike@localhost) by jason.argos.org (8.10.1/8.10.1) with ESMTP id e7N6Z2Z04347; Wed, 23 Aug 2000 02:35:02 -0400 Date: Wed, 23 Aug 2000 02:35:02 -0400 (EDT) From: Mike Nowlin To: Warner Losh Cc: William Wong , freebsd-security@FreeBSD.ORG Subject: Re: icmptypes In-Reply-To: <200008220128.TAA43045@harmony.village.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > For ICMP packets, drop them on the floor, but make sure that you have > the path mtu types enabled. > > Warner Mebbe we should put in something into the kernel that always lets those packets through... (Just kidding... :) ) Actually, maybe a warning message (with a sysctl knob to turn it off) that gets triggered when these packets are blocked by ipfw & friends might not be a completely horrible idea. If people start seeing "this is dumb" messages show up, they'll probably ask "Why?". Enlightenment for the masses. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Understated/funny man-page sentence of the current time period: From route(4) on FreeBSD-3.4, DESCRIPTION section: "FreeBSD provides some packet routing facilities." ...duh....... Mike Nowlin, N8NVW mike@argos.org http://www.viewsnet.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message