Date: Tue, 19 Jan 1999 14:04:07 GMT From: r.yeardley@hunter13.com (Richard Yeardley) To: freebsd-security@FreeBSD.ORG Subject: Re: ipfw filters for icmp which don't break things - Was: Re: Small Servers - ICMP Redirect Message-ID: <36a59038.350804179@smtp.dial.pipex.com> In-Reply-To: <4.1.19990119010408.02c0d7d0@195.250.206.101> References: <19990117194706.H97318@oreo.adsu.bellsouth.com> <007701be4256$f01ff740$02c3fe90@cisco.com> <Pine.BSF.3.96.990118085344.15297A-100000@enya.clari.net.au> <19990117185047.A97318@oreo.adsu.bellsouth.com> <199901180030.QAA54407@apollo.backplane.com> <19990117194706.H97318@oreo.adsu.bellsouth.com> <4.1.19990119010408.02c0d7d0@195.250.206.101>
next in thread | previous in thread | raw e-mail | index | archive | help
Here's a snippet from my rc.firewall - it allows outgoing pings and traceroutes (and their appropriate return values) but doesn't allow anyone to ping my LAN from the internet. $iif is set to ed0 $oif is set to tun0 # Allow any ICMP packets to pass on inside i/f $fwcmd add pass icmp from any to any via ${iif} # Allow outbound pings $fwcmd add pass icmp from any to any in recv ${oif} icmptypes 0 $fwcmd add pass icmp from any to any out xmit ${oif} icmptypes 8 # Allow outbound traceroutes $fwcmd add pass icmp from any to any in recv ${oif} icmptypes 3 $fwcmd add pass icmp from any to any in recv ${oif} icmptypes 11 On Tue, 19 Jan 1999 01:06:32 +0100, it was written: > >Would some kind soul provide ipfw filters for icmp with some comments so >people can copy them and enable only what they think is useful/needed for >them? I'm sure something like this would be good - probably also good for >handbook. > >Tomaz >---- >Tomaz Borstnar <tomaz.borstnar@over.net> >"Love is the answer to the final question you ask" - Unknown > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?36a59038.350804179>