Date: Mon, 14 Aug 2006 09:56:14 -0400 From: Charles Lacroix <clacroix@cegep-ste-foy.qc.ca> To: freebsd-pf@freebsd.org Subject: Re: ICMP traffic Message-ID: <200608140956.14645.clacroix@cegep-ste-foy.qc.ca> In-Reply-To: <d8a4930a0608140642m6bf114c5jae32a1b7f4fa8a27@mail.gmail.com> References: <200608140938.11880.clacroix@cegep-ste-foy.qc.ca> <d8a4930a0608140642m6bf114c5jae32a1b7f4fa8a27@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Monday 14 August 2006 09:42, Cristiano Deana wrote:
> 2006/8/14, Charles Lacroix <clacroix@cegep-ste-foy.qc.ca>:
> > i was wondering which icmp type packets people accepted on there
> > production servers.
>
> did you read firewall(7) ?
I just checked it and it's talking about ipfw, i searched the man page for=
=20
icmp rules and found this little block.
Thanks for the hint.
# It is important to allow certain ICMP types through, here is a list
# of general ICMP types. Note that it is important to let ICMP type 3
# through.
#
# 0 Echo Reply
# 3 Destination Unreachable (used by TCP MTU discovery, aka
# packet-too-big)
# 4 Source Quench (typically not allowed)
# 5 Redirect (typically not allowed - can be dangerous!)
# 8 Echo
# 11 Time Exceeded
# 12 Parameter Problem
# 13 Timestamp
# 14 Timestamp Reply
#
# Sometimes people need to allow ICMP REDIRECT packets, which is
# type 5, but if you allow it make sure that your Internet router
# disallows it.
=2D-=20
Charles Lacroix, Administrateur UNIX.
Service des t=E9l=E9communications et des technologies
C=E9gep de Sainte-Foy
(418) 659-6600 # 4266
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200608140956.14645.clacroix>