Date: Fri, 22 Jun 2001 19:47:28 -0400
From: "Ryan Masse" <mail@max-info.net>
To: "Lawrence Sica" <larry@interactivate.com>
Cc: <ohshutup@zdnetonebox.com>, "FreeBSD-Questions" <freebsd-questions@freebsd.org>
Subject: Re: disable traceroute to my host
Message-ID: <00a201c0fb75$b7f4e800$3200a8c0@Home>
References: <20010622230217.JKT10107.mta05.onebox.com@onebox.com> <24425762.993226129@[192.168.1.21]>

man ipfw and read up on icmptypes. you may wanna do something like the
following;

    ipfw add allow icmp from any to any out via $interface
    ipfw add allow icmp from any to any in via $interface icmptypes 0
    ipfw add deny icmp from any to any in via $interface

this will break various aspects of the icmp protocol but it will allow for
all echo responses generated from the inside to be received back through
the firewall. Again this may or may not work in your attempts to deny a
traceroute.

Ryan

> --On Friday, June 22, 2001 4:02 PM -0700 Kris Anderson
> <ohshutup@zdnetmail.com> wrote:
>
> > Now, if anybody knows of a subtler way to allow ICMP out and back
> > in, but keep any externals from coming in I certainly am one who would
> > like to know.
>
> man 8 ipfw
>
> If you search for icmp you'll find the listing on icmptypes. You can
> specify what icmp to block and let through...
>
> --Larry
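
Added example, not part of the original message: a small Python model of first-match evaluation over the three rules posted above, run against constructed sample packets to show which ICMP traffic the ruleset passes and which it drops. The Rule/Packet types, the sample labels and the "not decided here" verdict are assumptions of this model, not ipfw output.

```python
# Added example: a constructed model of ipfw's first-match rule evaluation.
# It covers only the fields the three posted rules use (protocol, direction, ICMP type).
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str                            # "allow" or "deny"
    direction: str                         # "in" or "out" on $interface
    icmptypes: Optional[frozenset] = None  # None means any ICMP type

class Packet(NamedTuple):
    proto: str                             # "icmp" or "udp"
    direction: str
    icmptype: Optional[int] = None

# The three rules from the message, in the order they were added (all are proto icmp).
POSTED_RULES = [
    Rule("allow", "out"),
    Rule("allow", "in", frozenset({0})),
    Rule("deny", "in"),
]

# Constructed sample traffic, labelled with what each packet is for.
SAMPLES = {
    "echo reply to an inside ping": Packet("icmp", "in", 0),
    "echo request from outside": Packet("icmp", "in", 8),
    "time exceeded for an inside traceroute": Packet("icmp", "in", 11),
    "destination unreachable (incl. frag needed)": Packet("icmp", "in", 3),
    "UDP traceroute probe from outside": Packet("udp", "in"),
    "port unreachable sent by this host": Packet("icmp", "out", 3),
}

def verdict(rules, pkt):
    """Return the action of the first matching rule, as ipfw does."""
    for rule in rules:
        if pkt.proto != "icmp" or rule.direction != pkt.direction:
            continue
        if rule.icmptypes is not None and pkt.icmptype not in rule.icmptypes:
            continue
        return rule.action
    return "not decided here"  # falls through to the rest of the ruleset

def evaluate(rules=POSTED_RULES):
    """Map each sample label to the verdict the modelled rules give it."""
    return {name: verdict(rules, pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for name, action in evaluate().items():
        print(f"{action:17} {name}")
```

In this model the UDP probe is not matched by any of the three rules and the host's own port-unreachable reply is allowed out, which is consistent with the message's caveat that the rules may or may not stop a traceroute. The denied type 3 and type 11 packets are the "various aspects of the icmp protocol" that break for inside hosts.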