From owner-freebsd-questions Fri Sep 6 07:10:32 1996 Return-Path: owner-questions Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id HAA07034 for questions-outgoing; Fri, 6 Sep 1996 07:10:32 -0700 (PDT) Received: from gatekeeper.barcode.co.il (gatekeeper.barcode.co.il [192.116.93.17]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id HAA07021 for ; Fri, 6 Sep 1996 07:10:20 -0700 (PDT) Received: (from nadav@localhost) by gatekeeper.barcode.co.il (8.6.12/8.6.12) id RAA29077; Fri, 6 Sep 1996 17:08:37 +0200 Date: Fri, 6 Sep 1996 17:08:37 +0200 (IST) From: Nadav Eiron To: Hal Snyder cc: Hal Snyder , "'Nash, Alex'" , "'questions@freebsd.org'" Subject: RE: catching a ping/ipfw/ipfilter In-Reply-To: <01BB9BD3.B49048A0@jaguar> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-questions@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On Fri, 6 Sep 1996, Hal Snyder wrote: > Nadav Eiron wrote: > > > > For syslogging, you could enable IPFIREWALL and use the likes of > > > ipfw add accept log icmp from any to ${my_ip} icmptypes 0,8 > > > Better than ipfw, you can use IPfilter (I think it's in the ports, and if > > not, you can use the standard version, it has instructions for compiling > > on FreeBSD, at least for 2.1.0). Unlike ipfw it knows about ICMP types so > > you can log/block just ICMP echos. > > That's precisely what the *icmptypes* arg is for in the ipfw line above. > > Haven't used ipfilter - though I noticed a lengthy thread a few weeks ago > about ipfilter vs. ipfw. It turned into yet another holy war toward the end. > > I know that ipfw is significantly improved in 2.1.5 over the 2.1.0 version, Well, then that's probably it. I'm running 2.1.0 on my firewall, and the docs specifically mention that ipfw cannot filter on ICMP types, so I use IPfilter. > including allowing rules applicable to selected ICMP packet types. I use it > because I know how to get it to work for me, and am quite happy with the > results. > > >