Date: 24 Feb 2002 13:16:31 +0100
From: Dag-Erling Smorgrav <des@ofug.org>
To: "Jeff Palmer" <scorpio@drkshdw.org>
Cc: <freebsd-security@FreeBSD.ORG>
Subject: Re: Couple of concerns with default rc.firewall
Message-ID: <xzpy9hjulb4.fsf@flood.ping.uio.no>
In-Reply-To: <003b01c1bcda$d4f06020$0286a8c0@home.lan>
References: <003b01c1bcda$d4f06020$0286a8c0@home.lan>

"Jeff Palmer" <scorpio@drkshdw.org> writes:
> Is there any reason in particular, that ALL icmp traffic is denied
> by default, except for using the 'open' ruleset?

The default rule #65535 is "deny ip from any to any".  Wouldn't you be
surprised if this *didn't* block all ICMP packets?

Just add the following early on in your firewall ruleset:

  allow icmp from any to any icmptype 0,3,8,11

preferably *after* any anti-spoofing rules.

DES
-- 
Dag-Erling Smorgrav - des@ofug.org

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xzpy9hjulb4.fsf>
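
Added example, not part of the original message or of FreeBSD's rc.firewall: the ordering the reply recommends, written as an rc.firewall-style fragment with the keyword spelled `icmptypes` as ipfw(8) documents it. The interface name, inside network and rule numbers are assumed placeholders, and `fwcmd` defaults to a dry run that only prints the commands.

```shell
#!/bin/sh
# Added example in the style of rc.firewall. Interface, network and rule
# numbers are assumed placeholder values, not taken from the thread.
fwcmd="${fwcmd:-echo ipfw}"     # dry run: prints each command; use /sbin/ipfw to load
oif="${oif:-fxp0}"              # assumed outside interface
inet="${inet:-192.0.2.0/24}"    # assumed inside network (documentation prefix)

antispoof_rules() {
    # ipfw stops at the first matching rule, so these must come before any
    # broad allow: a packet arriving from outside must not carry an inside
    # or loopback source address.
    ${fwcmd} add 100 deny all from "${inet}" to any in via "${oif}"
    ${fwcmd} add 110 deny all from 127.0.0.0/8 to any in via "${oif}"
}

icmp_rules() {
    # 0 = echo reply, 3 = destination unreachable (includes the
    # "fragmentation needed" code used by path MTU discovery),
    # 8 = echo request, 11 = time exceeded (traceroute).
    ${fwcmd} add 200 allow icmp from any to any icmptypes 0,3,8,11
}

build_ruleset() {
    antispoof_rules
    icmp_rules
    # Anything not matched above falls through to the default rule
    # 65535, "deny ip from any to any".
}

build_ruleset
```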