From: Bill Moran
Organization: Potential Technologies
Date: Tue, 07 May 2002 07:08:19 -0400
To: mehrdad nosrati
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: help Plz.

mehrdad nosrati wrote:
> 2) I want to use the "ipfw" utility, so I've added the following options to
> its kernel. Are they correct? If not, what is correct?
> options IPFIREWALL
> options IPFIREWALL_VERBOSE
> options "IPFIREWALL_VERBOSE_LIMIT"=1000
> options IPFIREWALL_DEFAULT_TO_ACCEPT
> config kernel root on wd0

Did you build and install the kernel and reboot according to these
instructions:
http://www.freebsd.org/handbook/kernelconfig.html

Did you then insert the proper ipfw config lines in /etc/rc.conf? See
"man rc.conf". Something like the following will get you started:

firewall_enable="yes"
firewall_type="open"

Note that the "open" type isn't very secure, but you'll have to research
/etc/rc.firewall before you can really use any of the more secure firewall
types.

> 3) The following error message is another problem:
> icmp-response bandwidth limit 420/200 pps
> icmp-response bandwidth limit 420/200 pps
> icmp-response bandwidth limit 420/200 pps

This is not really an "error". The system is designed to limit the rate at
which it replies to ICMP messages (commonly "ping") to prevent DoS attacks
and other types of problems. You'll see this message if you or someone else
tries to ping flood the machine, or port scan it with something like nmap.
If you're not the one doing this, then you have some sort of troublemaker on
the network messing with the machine.

--
Bill Moran
Potential Technology
http://www.potentialtech.com
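
Added example, not part of the original message: a small sh/awk filter that summarises the "icmp-response bandwidth limit N/M pps" lines discussed above, so you can see how often and how far the rate limit was exceeded. The sample log is constructed (hostname "gw", the "/kernel:" tag and the timestamps are assumptions), and the function name is hypothetical.

```sh
#!/bin/sh
# Summarise "icmp-response bandwidth limit N/M pps" kernel messages.
# N is the reply rate the kernel saw, M the configured cap
# (net.inet.icmp.icmplim on FreeBSD). Reads syslog lines on stdin.
icmp_limit_summary() {
    awk '
    /icmp-response bandwidth limit [0-9]+\/[0-9]+ pps/ {
        # Find the N/M field wherever the hostname and tag put it.
        for (i = 1; i < NF; i++)
            if ($i == "limit" && $(i + 1) ~ /^[0-9]+\/[0-9]+$/) {
                split($(i + 1), r, "/")
                if (r[1] + 0 > peak) peak = r[1] + 0
                limit = r[2] + 0
            }
        events++
        t = $1 " " $2 " " $3
        if (first == "") first = t
        last = t
        seen = 1
        next
    }
    /last message repeated [0-9]+ times/ {
        # syslogd folds identical lines; count them only when the
        # folded message was a rate-limit line.
        if (seen) {
            for (i = 1; i < NF; i++)
                if ($i == "repeated") events += $(i + 1)
            last = $1 " " $2 " " $3
        }
        next
    }
    { seen = 0 }
    END {
        if (events == 0) { print "events=0"; exit 1 }
        printf "events=%d peak=%d limit=%d first=\"%s\" last=\"%s\"\n", events, peak, limit, first, last
    }'
}

# Constructed sample input, not taken from the original message.
sample_log() {
    cat <<'EOF'
May  7 03:58:41 gw /kernel: de0: enabling 10baseT port
May  7 04:01:12 gw /kernel: icmp-response bandwidth limit 420/200 pps
May  7 04:01:13 gw /kernel: icmp-response bandwidth limit 388/200 pps
May  7 04:01:15 gw last message repeated 3 times
May  7 04:02:30 gw /kernel: icmp-response bandwidth limit 251/200 pps
EOF
}

sample_log | icmp_limit_summary
```

On a live system, feed it the log file instead, for example `icmp_limit_summary < /var/log/messages`; a long span between first and last with many events points to sustained probing, not a single burst.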