Date:      Fri, 03 Dec 1999 12:26:52 +0200
From:      Sheldon Hearn <sheldonh@uunet.co.za>
To:        "Michael Birch {PCISD Tech}" <mike@pcisd.com>
Cc:        questions@freebsd.org
Subject:   Re: BSD Question 
Message-ID:  <444.944216812@axl.noc.iafrica.com>
In-Reply-To: Your message of "Fri, 03 Dec 1999 10:48:10 +0200." <10258.944210890@axl.noc.iafrica.com>


On Fri, 03 Dec 1999 10:48:10 +0200, Sheldon Hearn wrote:

> If you meant ICMP, there doesn't appear to be any knob that you can
> fiddle with to disable ICMP replies.  You'd have to use packet
> filtering, as with IPFW or IPFilter.

If you're too lazy for that, you can patch your kernel source with the
diff below and rebuild your kernel.  Once you've booted the new kernel,
this command will drop _all_ ICMP traffic:

	sysctl -w net.inet.icmp.drop_all=1

Note that this will even drop answers to your own ICMP echo requests.

Whether or not IPFW or this patch is more suited to your level of
laziness depends on you.  :-)

Ciao,
Sheldon.

Index: ip_icmp.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet/ip_icmp.c,v
retrieving revision 1.37
diff -u -d -r1.37 ip_icmp.c
--- ip_icmp.c	1999/09/14 16:40:28	1.37
+++ ip_icmp.c	1999/12/03 09:03:42
@@ -69,6 +69,10 @@
 SYSCTL_INT(_net_inet_icmp, ICMPCTL_MASKREPL, maskrepl, CTLFLAG_RW,
 	&icmpmaskrepl, 0, "");
 
+static int	drop_all = 0;
+SYSCTL_INT(_net_inet_icmp, OID_AUTO, drop_all, CTLFLAG_RW, 
+	&drop_all, 0, "Drop all incoming ICMP messages");
+
 static int	drop_redirect = 0;
 SYSCTL_INT(_net_inet_icmp, OID_AUTO, drop_redirect, CTLFLAG_RW, 
 	&drop_redirect, 0, "");
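Review bot: The description string on the new `drop_all` knob says only "Drop all incoming ICMP messages"; it should also say that answers to the host's own echo requests are dropped, as the covering message notes, because an administrator reading the sysctl description will not have the e-mail at hand. The added `SYSCTL_INT(_net_inet_icmp, OID_AUTO, drop_all, CTLFLAG_RW, ` line also ends in trailing whitespace, which should be stripped.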
@@ -231,6 +235,8 @@
 	void (*ctlfunc) __P((int, struct sockaddr *, void *));
 	int code;
 
+	if (drop_all)
+		goto freeit;
 	/*
 	 * Locate icmp structure in mbuf, and check
 	 * that not corrupted and of at least minimum length.
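Review bot: The `if (drop_all) goto freeit;` check sits ahead of the code that locates and validates the ICMP header, so it cannot tell message types apart and nothing in the added lines records that a packet was discarded. Consider incrementing a statistic before the jump so the drops are visible when someone is diagnosing connectivity, and put a blank line between `goto freeit;` and the comment block that follows.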

