Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 7 Oct 2002 10:35:49 +0100
From:      Ceri Davies <setantae@submonkey.net>
To:        Giorgos Keramidas <keramida@freebsd.org>
Cc:        "Jack L. Stone" <jackstone@sage-one.net>, Patrick O'Reilly <bsd@perimeter.co.za>, questions@freebsd.org, master <master@tyranz.com>
Subject:   Re: block icmp with ipfw
Message-ID:  <20021007093549.GA7137@submonkey.net>
In-Reply-To: <20021006004911.GB39351@hades.hell.gr>
References:  <3.0.5.32.20021005085103.011d62c0@mail.sage-one.net> <3.0.5.32.20021005193900.01199da8@mail.sage-one.net> <20021006004911.GB39351@hades.hell.gr>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Sun, Oct 06, 2002 at 03:49:11AM +0300, Giorgos Keramidas wrote:
> On 2002-10-05 19:39, "Jack L. Stone" <jackstone@sage-one.net> wrote:
> > At 09:41 PM 10.5.2002 +0300, Giorgos Keramidas wrote:
> > >On 2002-10-05 08:51, Jack L. Stone wrote:
> > >> At 03:41 PM 10.5.2002 +0200, Patrick O'Reilly wrote:
> > >> >From: "master" <master@tyranz.com>
> > >> > > hi all i would like to know the syntax of ipfw to block icmp ping?
> > >> > > (echo and reply)
> > >> >
> > >> > ipfw add 123 deny ip from any to any icmtypes 8
> > >>
> > >> .... but if you still want to ping OUT....
> > >> ${fwcmd} add pass icmp from any to any icmptypes 8 out via ${oif}
> > >
> > >That will negate the effect of any firewall rules that "block" icmp
> > >packets though, i.e. it's the opposite of what was asked :-)
> >
> > ....then answer the poster's question. I don't have the same other rule in
> > conflict....
> 
> Pardon me sounding a bit offensive, if I did.  I meant that there is
> no good rule that allows outgoing pings but blocks incoming ones.

This seems to work for me:

add 00602 allow icmp from any to any icmptypes 8 out
add 00603 allow icmp from any to any icmptypes 0 in
...
default deny

Ceri
-- 
you can't see when light's so strong
you can't see when light is gone

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021007093549.GA7137>