From owner-freebsd-ipfw  Tue Sep 21  0:42:16 1999
Delivered-To: freebsd-ipfw@freebsd.org
Received: from ns.anp.nl (ns.anp.nl [195.81.24.2])
	by hub.freebsd.org (Postfix) with ESMTP id CCDF1150C6
	for <freebsd-ipfw@FreeBSD.ORG>; Tue, 21 Sep 1999 00:42:12 -0700 (PDT)
	(envelope-from hvoers@anp.nl)
Received: from ns.anp.nl (ns.anp.nl [195.81.24.2])
	by ns.anp.nl (8.9.1/8.9.1) with ESMTP id JAA27877;
	Tue, 21 Sep 1999 09:40:35 +0200
Date: Tue, 21 Sep 1999 09:40:35 +0200 (cest)
From: Henk van Oers <hvoers@anp.nl>
To: Brian Tan <brian@sys.com.sg>
Cc: "Rodney W. Grimes" <rgrimes@gndrsh.dnsmgr.net>,
	freebsd-ipfw@FreeBSD.ORG
Subject: Re: what is 'ICMP:3.13' ?
In-Reply-To: <37E6DD2D.360DBF8F@sys.com.sg>
Message-ID: <Pine.QNX4.4.10.9909210923530.19183-100000@ns.anp.nl>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Tue, 21 Sep 1999, Brian Tan wrote:

> Henk van Oers wrote:
> > 
> > 
> > "Tried the following"? Did you know what you where doing?
> > Isn't the Cisco wrong configured?
> > 
> The Cisco does have IGRP enabled. Is there any problem allowing the
> protocol packet through? or should the IGRP be disabled in the Cisco?

I do not see the use of "private interior gateway protocol" on a public
interface, so why allow the packets.
And if the Cisco has no  one to talk to, why litter the LAN?
When you "tried" the allow rule, I was thinking of why not try to disallow
it? The ipfw rules are there to enable what you need and not to let
through what you don't know. Isn't it?

Henk.




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message