Date: Wed, 23 Aug 2000 00:43:35 -0600 (MDT) From: "David G. Andersen" <dga@pobox.com> To: mike@argos.org (Mike Nowlin) Cc: imp@village.org (Warner Losh), willwong@anime.ca (William Wong), freebsd-security@FreeBSD.ORG Subject: Re: icmptypes Message-ID: <200008230643.AAA04684@faith.cs.utah.edu> In-Reply-To: <Pine.LNX.4.21.0008230230400.4338-100000@jason.argos.org> from "Mike Nowlin" at Aug 23, 2000 02:35:02 AM
next in thread | previous in thread | raw e-mail | index | archive | help
Ugh. That's the job of the tool that sets up the firewall for the user, or the {book, manpage, etc} the user uses to learn how to set up their firewall. If you start trying to build policy into the firewall tools themselves, you'll just get a headache. ... of course, the FreeBSD firewall examples deny ICMP unconditionally. :) -Dave Lo and behold, Mike Nowlin once said: > > Actually, maybe a warning message (with a sysctl knob to turn it off) that > gets triggered when these packets are blocked by ipfw & friends might not > be a completely horrible idea. If people start seeing "this is > dumb" messages show up, they'll probably ask "Why?". > > Enlightenment for the masses. -- work: dga@lcs.mit.edu me: dga@pobox.com MIT Laboratory for Computer Science http://www.angio.net/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200008230643.AAA04684>