Date: Thu, 01 Dec 2011 20:56:03 -0600 From: Tim Daneliuk <tundra@tundraware.com> To: Robert Bonomi <bonomi@mail.r-bonomi.com> Cc: freebsd-questions@freebsd.org Subject: Re: ipfw And ping Message-ID: <4ED83E43.4080108@tundraware.com> In-Reply-To: <201112020256.pB22uFTL005227@mail.r-bonomi.com> References: <201112020256.pB22uFTL005227@mail.r-bonomi.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 12/01/2011 08:56 PM, Robert Bonomi wrote:
>> From owner-freebsd-questions@freebsd.org Thu Dec 1 17:27:19 2011
>> Date: Thu, 01 Dec 2011 17:25:04 -0600
>> From: Tim Daneliuk<tundra@tundraware.com>
>> To: FreeBSD Mailing List<freebsd-questions@freebsd.org>
>> Subject: ipfw And ping
>>
>> I have a fairly restrictive ipfw setup on a FBSD 8.2-STABLE machine.
>> Pings were not getting through so I added this near the top
>> of the rule set:
>>
>> #####
>> # Allow icmp
>> #####
>>
>> ${FWCMD} add allow icmp from any to any
>>
>>
>> It does work but, two questions:
>>
>> 1) Is there a better way?
>> 2) Will this cause harm or otherwise expose the server to some vulnerability?
>
> FIRST question: Are you trying to make _outgoing_ ping work, or let the
> outside world 'ping' internal machines on your network? What you wrote
> is not clear on this point.
Both.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4ED83E43.4080108>