Date: Sun, 04 Dec 2011 01:44:53 -0600 From: Tim Daneliuk <tundra@tundraware.com> To: FreeBSD Mailing List <freebsd-questions@freebsd.org> Subject: Re: ipfw And ping Message-ID: <4EDB24F5.9010301@tundraware.com> In-Reply-To: <20111204171900.N3548@sola.nimnet.asn.au> References: <20111203120031.55D471065772@hub.freebsd.org> <20111204171900.N3548@sola.nimnet.asn.au>
next in thread | previous in thread | raw e-mail | index | archive | help
On 12/04/2011 01:04 AM, Ian Smith wrote:
<SNIP>
>
> For one, google 'icmp redirect attack'
But isn't that handled by setting:
net.inet.icmp.drop_redirect=1
> # This is the ICMP rule we generally use:
> # ipfw add 10 allow icmp from any to any in icmptypes 0,3,4,11,12,14,16,18
Hmmm.... I just tried this and it seems to break ping...
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4EDB24F5.9010301>