Date: 07 May 1999 18:23:39 +0200 From: Dag-Erling Smorgrav <des@flood.ping.uio.no> To: Pat Lynch <lynch@rush.net> Cc: Doug White <dwhite@resnet.uoregon.edu>, Fadi Sodah <sodah@qatar.net.qa>, freebsd-chat@freebsd.org Subject: Re: ICMP-attack Message-ID: <xzpd80ckfw4.fsf@flood.ping.uio.no> In-Reply-To: Pat Lynch's message of "Tue, 4 May 1999 18:48:32 -0400 (EDT)" References: <Pine.BSF.4.05.9905041837360.995-100000@bytor.rush.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Pat Lynch <lynch@rush.net> writes: > true, I found out to my chagrin that MTU discovery didn;t work and > was causing problems when I blocked all icmp. Most people miss the point > of icmp, its not just for ping or traceroute. ipfw add pass icmp from any to any icmptype 3,11 ipfw add deny icmp from any to any 3 is Unreachable and 11 is Time Exceeded. That's all you need. DES -- Dag-Erling Smorgrav - des@flood.ping.uio.no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-chat" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xzpd80ckfw4.fsf>