From owner-freebsd-questions  Mon Jun 25 21: 0:48 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from comp1.mastery.ca (comp1.mastery.ca [209.202.88.60])
	by hub.freebsd.org (Postfix) with ESMTP id 8F9D537B405
	for <freebsd-questions@freebsd.org>; Mon, 25 Jun 2001 21:00:42 -0700 (PDT)
	(envelope-from mail@max-info.net)
Received: from 78kw954 (dyn216-8-131-5.ADSL.mnsi.net [216.8.131.5])
	(authenticated)
	by comp1.mastery.ca (8.11.3/8.11.1) with ESMTP id f5Q40aA19001;
	Tue, 26 Jun 2001 00:00:40 -0400 (EDT)
	(envelope-from mail@max-info.net)
Message-ID: <005e01c0fdf4$3e56d720$3200a8c0@Home>
From: "Ryan Masse" <mail@max-info.net>
To: <ohshutup@zdnetonebox.com>
Cc: "FreeBSD-Questions" <freebsd-questions@freebsd.org>
References:  <20010622230217.JKT10107.mta05.onebox.com@onebox.com> <24425762.993226129@[192.168.1.21]>
Subject: Re: disable traceroute to my host
Date: Mon, 25 Jun 2001 23:58:06 -0400
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

could you not do;

sysctl -w net.inet.udp.blackhole=1

man blackhome

<snip>
    In the UDP instance, enabling blackhole behaviour turns off the sending
     of an ICMP port unreachable message in response to a UDP datagram
which
     arrives on a port where there is no socket listening.  It must be noted
     that this behaviour will prevent remote systems from running
     traceroute(8) to your system.
<snip>

Ryan
>
>
> --On Friday, June 22, 2001 4:02 PM -0700 Kris Anderson
> <ohshutup@zdnetmail.com> wrote:
>
> > Now, if anybody knows of a more subtler way to allow ICMP out and back
> > in, but keep any externals from coming in I certainly am one who would
> > like to know.
>
> man 8 ipfw
>
> If you search for icmp you'll find the lsiting on icmptypes.  You can
> specify what icmp to block and let through...
>
> --Larry
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message