Date:      Wed, 23 Aug 2000 00:43:35 -0600 (MDT)
From:      "David G. Andersen" <dga@pobox.com>
To:        mike@argos.org (Mike Nowlin)
Cc:        imp@village.org (Warner Losh), willwong@anime.ca (William Wong), freebsd-security@FreeBSD.ORG
Subject:   Re: icmptypes
Message-ID:  <200008230643.AAA04684@faith.cs.utah.edu>
In-Reply-To: <Pine.LNX.4.21.0008230230400.4338-100000@jason.argos.org> from "Mike Nowlin" at Aug 23, 2000 02:35:02 AM

Ugh.  That's the job of the tool that sets up the firewall for the user,
or the {book, manpage, etc} the user uses to learn how to set up their
firewall.  If you start trying to build policy into the firewall tools
themselves, you'll just get a headache.

... of course, the FreeBSD firewall examples deny ICMP unconditionally. :)

   -Dave

Lo and behold, Mike Nowlin once said:
> 
> Actually, maybe a warning message (with a sysctl knob to turn it off) that
> gets triggered when these packets are blocked by ipfw & friends might not
> be a completely horrible idea.  If people start seeing "this is
> dumb" messages show up, they'll probably ask "Why?".
> 
> Enlightenment for the masses.


-- 
work: dga@lcs.mit.edu                          me:  dga@pobox.com
      MIT Laboratory for Computer Science           http://www.angio.net/

