Date: Thu, 23 Nov 2000 14:35:56 -0500 (EST)
From: Vlad <tmd@tmd.df.ru>
To: security@FreeBSD.ORG
Subject: Re: ipf - icmp
Message-ID: <Pine.BSF.4.21.0011231431360.18361-100000@tmd.df.ru>
In-Reply-To: <Pine.BSF.4.21.0011231135060.75171-100000@libertad.univalle.edu.co>

Perhaps there are other rules that follow before/after that supersede the
icmp ones. Try using the "quick" option.

pass in quick on sis0 proto icmp from any to any icmp-type 0
pass in quick on sis0 proto icmp from any to any icmp-type unreach code 3
pass in quick on sis0 proto icmp from any to any icmp-type unreach code 4
pass in quick on sis0 proto icmp from any to any icmp-type timex
pass out quick on sis0 proto icmp from any to any

These entries will allow you to ping/traceroute anyone, will prohibit
anyone from pinging/tracerouting you.

On Thu, 23 Nov 2000, Buliwyf McGraw wrote:

>
> Hello... I'm doing some tests with ipf... I added these rules on the
> system:
>
> block in on sis0 proto icmp all
> block out on sis0 proto icmp all
>
> But, when I do a ping from another machine... the server answers the
> icmp request without problems... I ask: Are the rules failing???
>
> =======================================================================
> Buliwyf McGraw
> Administrador del Servidor Libertad
> Centro de Servicios de Informacion
> Universidad del Valle
> =======================================================================
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
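
Added example (not part of the original message, and not ipf's own code): a small Python model of how ipf picks a verdict, where the last matching rule wins unless a matching rule carries "quick". The LATER_PASS rule is a hypothetical stand-in for the "other rules" suspected above, the default verdict of pass is an assumption about the kernel configuration, and the packets are constructed.

```python
# Simplified model of ipf verdict selection (added example, not ipf itself).
ICMP_TYPES = {"echorep": 0, "unreach": 3, "echo": 8, "timex": 11}

def parse_rule(line):
    """Parse the small subset of ipf rule syntax used in this thread."""
    tok = line.split()
    def after(word):
        return tok[tok.index(word) + 1] if word in tok else None
    t, code = after("icmp-type"), after("code")
    if t is not None:
        t = ICMP_TYPES[t] if t in ICMP_TYPES else int(t)
    return {"action": tok[0], "dir": tok[1], "quick": "quick" in tok,
            "iface": after("on"), "proto": after("proto"),
            "type": t, "code": None if code is None else int(code)}

def matches(rule, pkt):
    """A field left out of the rule (None) matches any packet value."""
    return rule["dir"] == pkt["dir"] and all(
        rule[k] in (None, pkt[k]) for k in ("iface", "proto", "type", "code"))

def evaluate(ruleset, pkt, default="pass"):
    """Last matching rule wins; a matching 'quick' rule ends the search."""
    verdict = default  # assumption: kernel not built to block by default
    for rule in map(parse_rule, ruleset):
        if matches(rule, pkt):
            verdict = rule["action"]
            if rule["quick"]:
                break
    return verdict

def icmp(direction, icmp_type, code=0):
    """Constructed test packet on sis0."""
    return {"dir": direction, "iface": "sis0", "proto": "icmp",
            "type": icmp_type, "code": code}

BLOCK = ["block in on sis0 proto icmp all",          # rules from the question
         "block out on sis0 proto icmp all"]
LATER_PASS = ["pass in on sis0 all"]                  # hypothetical later rule
QUICK = ["pass in quick on sis0 proto icmp from any to any icmp-type 0",
         "pass in quick on sis0 proto icmp from any to any icmp-type unreach code 3",
         "pass in quick on sis0 proto icmp from any to any icmp-type unreach code 4",
         "pass in quick on sis0 proto icmp from any to any icmp-type timex",
         "pass out quick on sis0 proto icmp from any to any"]

if __name__ == "__main__":
    for name, rules in [("block only", BLOCK), ("block + later pass", BLOCK + LATER_PASS),
                        ("quick + block", QUICK + BLOCK)]:
        print(name, {t: evaluate(rules, icmp("in", t)) for t in (0, 8)})
```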