Date: Mon, 14 Aug 2006 09:56:14 -0400 From: Charles Lacroix <clacroix@cegep-ste-foy.qc.ca> To: freebsd-pf@freebsd.org Subject: Re: ICMP traffic Message-ID: <200608140956.14645.clacroix@cegep-ste-foy.qc.ca> In-Reply-To: <d8a4930a0608140642m6bf114c5jae32a1b7f4fa8a27@mail.gmail.com> References: <200608140938.11880.clacroix@cegep-ste-foy.qc.ca> <d8a4930a0608140642m6bf114c5jae32a1b7f4fa8a27@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Monday 14 August 2006 09:42, Cristiano Deana wrote: > 2006/8/14, Charles Lacroix <clacroix@cegep-ste-foy.qc.ca>: > > i was wondering which icmp type packets people accepted on there > > production servers. > > did you read firewall(7) ? I just checked it and it's talking about ipfw, i searched the man page for= =20 icmp rules and found this little block. Thanks for the hint. # It is important to allow certain ICMP types through, here is a list # of general ICMP types. Note that it is important to let ICMP type 3 # through. # # 0 Echo Reply # 3 Destination Unreachable (used by TCP MTU discovery, aka # packet-too-big) # 4 Source Quench (typically not allowed) # 5 Redirect (typically not allowed - can be dangerous!) # 8 Echo # 11 Time Exceeded # 12 Parameter Problem # 13 Timestamp # 14 Timestamp Reply # # Sometimes people need to allow ICMP REDIRECT packets, which is # type 5, but if you allow it make sure that your Internet router # disallows it. =2D-=20 Charles Lacroix, Administrateur UNIX. Service des t=E9l=E9communications et des technologies C=E9gep de Sainte-Foy (418) 659-6600 # 4266
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200608140956.14645.clacroix>