Date: Mon, 25 Jun 2001 23:58:06 -0400
From: "Ryan Masse" <mail@max-info.net>
To: <ohshutup@zdnetonebox.com>
Cc: "FreeBSD-Questions" <freebsd-questions@freebsd.org>
Subject: Re: disable traceroute to my host
Message-ID: <005e01c0fdf4$3e56d720$3200a8c0@Home>
References: <20010622230217.JKT10107.mta05.onebox.com@onebox.com> <24425762.993226129@[192.168.1.21]>

could you not do;

sysctl -w net.inet.udp.blackhole=1

man blackhole

<snip>
In the UDP instance, enabling blackhole behaviour turns off the sending
of an ICMP port unreachable message in response to a UDP datagram which
arrives on a port where there is no socket listening. It must be noted
that this behaviour will prevent remote systems from running
traceroute(8) to your system.
<snip>

Ryan

> --On Friday, June 22, 2001 4:02 PM -0700 Kris Anderson
> <ohshutup@zdnetmail.com> wrote:
>
> > Now, if anybody knows of a subtler way to allow ICMP out and back
> > in, but keep any externals from coming in I certainly am one who would
> > like to know.
>
> man 8 ipfw
>
> If you search for icmp you'll find the listing on icmptypes. You can
> specify what icmp to block and let through...
>
> --Larry
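
Added example, not part of the original message: a small Python model of the behaviour the quoted blackhole man page text describes, showing what a UDP traceroute sees with the sysctl off and on. No packets are sent; the hop addresses are constructed documentation addresses, the function names are hypothetical, and 33434 is traceroute's default base port.

```python
"""Constructed model of UDP traceroute versus net.inet.udp.blackhole."""

TIME_EXCEEDED = "icmp time-exceeded"
PORT_UNREACH = "icmp port-unreachable"


def deliver(path, ttl, udp_blackhole, dport, listening_ports=()):
    """Return (responder, icmp_message) for one UDP probe, or None if silent.

    path: router addresses in order, with the destination host last.
    """
    for hop, node in enumerate(path, start=1):
        if hop == len(path):              # probe reached the destination
            if dport in listening_ports:
                return None               # a socket takes it: no ICMP error
            if udp_blackhole:
                return None               # blackhole=1: dropped silently
            return (node, PORT_UNREACH)   # default: closed port is reported
        if ttl == hop:                    # TTL ran out at a router
            return (node, TIME_EXCEEDED)
    return None


def traceroute(path, udp_blackhole, max_ttl=8, base_port=33434):
    """Return [(ttl, responder or '*')] as a UDP traceroute would list it."""
    rows = []
    for ttl in range(1, max_ttl + 1):
        reply = deliver(path, ttl, udp_blackhole, dport=base_port + ttl - 1)
        rows.append((ttl, reply[0] if reply else "*"))
        if reply and reply[1] == PORT_UNREACH:
            break                         # destination answered: trace ends
    return rows


# Constructed path: two upstream routers, then the protected host.
SAMPLE_PATH = ["192.0.2.1", "198.51.100.1", "203.0.113.10"]

if __name__ == "__main__":
    for setting in (False, True):
        print(f"net.inet.udp.blackhole={int(setting)}")
        for ttl, who in traceroute(SAMPLE_PATH, setting, max_ttl=5):
            print(f"  {ttl:2d}  {who}")
```

With the sysctl set, the trace still lists the upstream routers, because they send their own time-exceeded replies; only the final hop goes silent and the probes run on to max_ttl.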