From owner-freebsd-security Thu Nov 23 11:31:30 2000
Delivered-To: freebsd-security@freebsd.org
Received: from tmd.df.ru (i.am.a.sincere.pathalogical.liar.org [216.58.112.97]) by hub.freebsd.org (Postfix) with ESMTP id 8F47537B479 for ; Thu, 23 Nov 2000 11:31:27 -0800 (PST)
Received: from localhost (tmd@localhost) by tmd.df.ru (8.11.1/8.11.1) with ESMTP id eANJa2T18378 for ; Thu, 23 Nov 2000 14:36:04 -0500 (EST) (envelope-from tmd@tmd.df.ru)
Date: Thu, 23 Nov 2000 14:35:56 -0500 (EST)
From: Vlad
To: security@FreeBSD.ORG
Subject: Re: ipf - icmp
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Perhaps there are other rules that follow before/after that supersede the icmp
ones. Try using the "quick" option.

pass in quick on sis0 proto icmp from any to any icmp-type 0
pass in quick on sis0 proto icmp from any to any icmp-type unreach code 3
pass in quick on sis0 proto icmp from any to any icmp-type unreach code 4
pass in quick on sis0 proto icmp from any to any icmp-type timex
pass out quick on sis0 proto icmp from any to any

These entries will allow you to ping/traceroute anyone, will prohibit anyone
from pinging/tracerouting you.

On Thu, 23 Nov 2000, Buliwyf McGraw wrote:

>
> Hello... I'm doing some tests with ipf... I added these rules on the
> system:
>
> block in on sis0 proto icmp all
> block out on sis0 proto icmp all
>
> But, when I do a ping from another machine... the server answers the
> icmp request without problems... I ask: Are the rules failing???
>
> =======================================================================
> Buliwyf McGraw
> Administrador del Servidor Libertad
> Centro de Servicios de Informacion
> Universidad del Valle
> =======================================================================
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
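
Added example, not part of the original message or of ipf itself: a simplified Python model of ipf's evaluation order (the last matching rule wins unless a matching rule carries "quick"), run over the rules quoted in this thread. The later "pass in on sis0 all" rule and the packets are constructed for illustration, the default-pass behaviour is an assumption about the kernel build, and the matcher looks only at direction, interface, protocol and ICMP type.

```python
# Simplified model of ipf rule evaluation (added example; matches only on
# direction, interface, protocol and ICMP type; "code N" is ignored).
ICMP_TYPES = {"echorep": 0, "unreach": 3, "echo": 8, "timex": 11}

def parse(rule):
    """Parse the small subset of ipf rule syntax used in this thread."""
    tok = rule.split()
    r = {"action": tok[0], "dir": tok[1], "quick": "quick" in tok,
         "if": tok[tok.index("on") + 1], "proto": None, "icmp_type": None}
    if "proto" in tok:
        r["proto"] = tok[tok.index("proto") + 1]
    if "icmp-type" in tok:
        name = tok[tok.index("icmp-type") + 1]
        r["icmp_type"] = ICMP_TYPES[name] if name in ICMP_TYPES else int(name)
    return r

def matches(r, pkt):
    """A field left out of the rule (None) matches any packet value."""
    return (r["dir"] == pkt["dir"] and r["if"] == pkt["if"]
            and r["proto"] in (None, pkt["proto"])
            and r["icmp_type"] in (None, pkt["icmp_type"]))

def evaluate(rules, pkt, default="pass"):
    """Last matching rule wins; a matching rule with 'quick' ends the search.
    default="pass" assumes a kernel not built to block by default."""
    verdict = default
    for r in map(parse, rules):
        if matches(r, pkt):
            verdict = r["action"]
            if r["quick"]:
                break
    return verdict

# Constructed packets arriving on sis0.
ECHO_REQUEST = {"dir": "in", "if": "sis0", "proto": "icmp", "icmp_type": 8}
ECHO_REPLY = {"dir": "in", "if": "sis0", "proto": "icmp", "icmp_type": 0}

ORIGINAL = ["block in on sis0 proto icmp all",
            "block out on sis0 proto icmp all"]
LATER_PASS = ORIGINAL + ["pass in on sis0 all"]  # hypothetical later rule
QUICK_BLOCK = ["block in quick on sis0 proto icmp all", "pass in on sis0 all"]
SUGGESTED = ["pass in quick on sis0 proto icmp from any to any icmp-type 0",
             "pass out quick on sis0 proto icmp from any to any"] + ORIGINAL

if __name__ == "__main__":
    for name, rules in [("original", ORIGINAL), ("later pass", LATER_PASS),
                        ("quick block", QUICK_BLOCK), ("suggested", SUGGESTED)]:
        print(name, evaluate(rules, ECHO_REQUEST), evaluate(rules, ECHO_REPLY))
```

On a live system, `ipfstat -io` lists the loaded rules in the order the kernel evaluates them, which is the order this model assumes.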