Date: Mon, 21 Aug 2000 17:34:25 -0400
From: "William Wong" <willwong@anime.ca>
To: <freebsd-security@freebsd.org>
Subject: Re: icmptypes
Message-ID: <003c01c00bb7$94783340$0300a8c0@anime.ca>
References: <Pine.LNX.3.95.1000821102609.7312A-100000@ux1.ibb.net> <007701c00b4f$9c905340$4c9409cb@labyrinth.net.au>

Hi there,

Thanks for the responses. I've got a somewhat follow-up question.

Instead of just dropping an icmp packet with say ipfw's deny rule, is there a "polite" way to deny the packet? To clarify, I want to send an equivalent of a "tcp reset" back, to let them know it's closed. Or is there no such thing as this for the icmp protocol? I'm not that familiar with this protocol as you can see.

- Will

----- Original Message -----
From: "Sean Winn" <sean@gothic.net.au>
To: "William Wong" <willwong@anime.ca>
Sent: Monday, August 21, 2000 5:10 AM
Subject: Re: icmptypes

> So far I've found no major need to drop ICMP except for redirect.
>
> From: "Mipam" <mipam@ibb.net>
> > Sure sure....
> >
> > Basically, you just wish to allow icmp requests and icmp replies (type 8 and 0).
> > Deny the rest. Also make sure to deny any icmp fragmented packets.
> > For the rest what you wish to deny or allow is up to you :)
> > Bye,
> >
> > Mipam.
> > > And if there is, which icmptypes should be allowed in at the minimum?
> > >
> > > - Will