Date: Sun, 3 Jan 1999 18:00:13 -0800 (PST)
From: Mike Meyer <mwm@phone.net>
To: freebsd-questions@FreeBSD.ORG
Subject: Re: IPFW Question
Message-ID: <Pine.BSF.4.05.9901031746420.11212-100000@guru.phone.net>
In-Reply-To: <368FD872.C6D876A5@email.dk>

> I ran into a problem trying to do the following: I want, using the IPFW,
> to disable my echo service. This works via icmp so the following line
> disables it totally:

Assuming you just want to reject echo (and are allowing everything else),
then you should note that echo is 8, not 7. So the line should be (for
3.0-RELEASE; if you're running an earlier version, it might be different):

    ipfw add 1 reject icmp from any to 212.242.22./24 icmptypes 8

This works (well, with my ip addresses in it) for me - the remote host gets
"host unreachable" messages.

But it's better to work firewalls the other way - deny everything, and then
allow the ones you need to let through. So you really want something like:

    ipfw add 10 allow icmp from any to 212.242.22./24 icmptypes 0,3,11,12,13,14,15,16,17,18
    ipfw add 20 allow icmp from 212.242.22./24 to any
    ipfw add 30 deny icmp from any to any

I allowed the inbound set I normally allow, minus echo. You may want to
change that. I also allow arbitrary outbound icmp, which you might also want
to change. But the above is better than denying 8 and allowing everything
else!

	<mike

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
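
Added example (not part of the original message): a small Python model of ipfw's first-match evaluation, run over both rule sets above, to show which inbound ICMP types each one lets through. Assumptions: 192.0.2.0/24 stands in for the truncated /24 in the message, 198.51.100.7 is a constructed outside host, and rule 65000 is a hypothetical stand-in for "allowing everything else".

```python
import ipaddress

NET = ipaddress.ip_network("192.0.2.0/24")   # constructed placeholder for the poster's /24
ANY = ipaddress.ip_network("0.0.0.0/0")

# (rule number, action, source net, destination net, ICMP types or None for all)
BLOCK_ECHO_ONLY = [
    (1, "reject", ANY, NET, {8}),
    (65000, "allow", ANY, ANY, None),        # hypothetical: "allowing everything else"
]
DEFAULT_DENY = [
    (10, "allow", ANY, NET, {0, 3, 11, 12, 13, 14, 15, 16, 17, 18}),
    (20, "allow", NET, ANY, None),
    (30, "deny", ANY, ANY, None),
]

def evaluate(rules, src, dst, icmp_type):
    """Return (rule number, action) of the first rule that matches the packet."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for num, action, src_net, dst_net, types in sorted(rules, key=lambda r: r[0]):
        if s in src_net and d in dst_net and (types is None or icmp_type in types):
            return num, action
    # ipfw's built-in last rule; it denies unless the kernel defaults to accept
    return 65535, "deny"

def inbound_passed(rules, src="198.51.100.7", dst="192.0.2.10"):
    """ICMP types 0..18 that an outside host can deliver to an inside host."""
    return [t for t in range(19) if evaluate(rules, src, dst, t)[1] == "allow"]

def extra_exposure():
    """Types the echo-only blocklist passes that the default-deny set drops."""
    return sorted(set(inbound_passed(BLOCK_ECHO_ONLY)) - set(inbound_passed(DEFAULT_DENY)))

if __name__ == "__main__":
    print("blocklist passes   :", inbound_passed(BLOCK_ECHO_ONLY))
    print("default-deny passes:", inbound_passed(DEFAULT_DENY))
    # 4 = source quench, 5 = redirect, 9/10 = router advertisement/solicitation
    print("only via blocklist :", extra_exposure())
```

Both rule sets stop inbound echo requests, but only the default-deny set also drops types such as 5 (redirect) and 9/10 (router discovery) that nobody explicitly asked to allow.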
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.9901031746420.11212-100000>