Date: Wed, 13 Aug 2003 12:41:13 +1000 (EST)
From: Andy Farkas <andyf@speednet.com.au>
To: Mark <admin@asarian-host.net>
Cc: freebsd-questions@freebsd.org
Subject: Re: Restricting ICMP
Message-ID: <20030813123805.Y90272-100000@hewey.af.speednet.com.au>
In-Reply-To: <200308120022.H7C0MGXS058078@asarian-host.net>

> Is there a way I can use ipfw to disallow ICMP from anyone, but root?
> (FreeBSD 4.7R) I tried this:
>
> ${fwcmd} -q add 4 allow icmp from any to any icmptype 0,3,8,11 in via ${outside}
> ${fwcmd} -q add 4 allow icmp from any to any uid root
> ${fwcmd} -q add 4 deny log icmp from any to any

man ipfw says:

    uid user
            Match all TCP or UDP packets sent by or received for a user.
            A user may be matched by name or identification number.

..which sort of implies it won't work for icmp.

Why would you want this policy?

--

 :{ andyf@speednet.com.au

        Andy Farkas
    System Administrator
   Speednet Communications
 http://www.speednet.com.au/
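
Added example, not part of the original message and not ipfw code: a simplified first-match model of the three quoted rules, showing what happens to ICMP if the uid option matches only TCP or UDP as the man page excerpt states. The interface name fxp0 (standing in for ${outside}), the Packet fields and the sample packets are constructed assumptions.

```python
# Simplified first-match model of the three quoted rules (not real ipfw code).
from dataclasses import dataclass
from typing import Optional

OUTSIDE = "fxp0"  # constructed stand-in for ${outside}


@dataclass
class Packet:
    proto: str                      # "icmp", "tcp" or "udp"
    direction: str                  # "in" or "out"
    iface: str
    icmptype: Optional[int] = None
    uid: Optional[str] = None       # owner of the sending/receiving socket


def uid_matches(pkt, user):
    # Assumption taken from the quoted man page text:
    # "uid" matches TCP or UDP packets only, never ICMP.
    return pkt.proto in ("tcp", "udp") and pkt.uid == user


# The three rules share number 4, so they are tried in the order added.
RULES = [
    ("allow", lambda p: p.proto == "icmp" and p.icmptype in (0, 3, 8, 11)
     and p.direction == "in" and p.iface == OUTSIDE),
    ("allow", lambda p: p.proto == "icmp" and uid_matches(p, "root")),
    ("deny", lambda p: p.proto == "icmp"),
]


def evaluate(pkt):
    """Return (position, action) of the first matching rule, else (None, 'no match')."""
    for pos, (action, match) in enumerate(RULES, 1):
        if match(pkt):
            return pos, action
    return None, "no match"


# Constructed sample packets.
SAMPLES = {
    "inbound echo request": Packet("icmp", "in", OUTSIDE, 8),
    "inbound redirect (type 5)": Packet("icmp", "in", OUTSIDE, 5),
    "root pings out": Packet("icmp", "out", OUTSIDE, 8, "root"),
    "user pings out": Packet("icmp", "out", OUTSIDE, 8, "mark"),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:28} -> {evaluate(pkt)}")
```

Under that assumption the second rule can never fire, so root's outbound echo request is dropped by the deny rule just like any other user's.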