Date: Thu, 17 Aug 2000 11:29:07 +0200
From: Manfredi Blasucci <sonoro@inet.it>
To: "Rashid N. Achilov" <achilov@granch.ru>
Cc: Erick Mechler <emechler@sendmail.com>, freebsd-security@FreeBSD.ORG
Subject: Re: deny incoming icmp
Message-ID: <399BB063.EB511C8A@inet.it>
References: <XFMail.000817160509.shelton@sentry.granch.ru>

"Rashid N. Achilov" wrote:
>
> Sorry, more precision...
>
> I have a firewall, protecting my network. IPFIREWALL, IPFIREWALL_VERBOSE, IPFIREWALL_FORWARD
> enabled. What can I allow icmp from our network any deny/fake incoming to our network icmp?
> --

Try with those:

    ${fwcmd} add allow log icmp from any to $ip via $eth out
    ${fwcmd} add allow log icmp from any to $ip via $eth in icmptypes 0     # Echo Reply
    ${fwcmd} add allow log icmp from any to $ip via $eth in icmptypes 3     # Destination Unreachable
    ${fwcmd} add allow log icmp from any to $ip via $eth in icmptypes 8     # Echo
    ${fwcmd} add allow log icmp from any to $ip via $eth in icmptypes 11    # Time Exceeded
    ${fwcmd} add allow log icmp from any to $ip via $eth in icmptypes 12    # Parameter Problem

See also http://www.sys-security.com/archive/papers/ICMP_Scanning.pdf.

Bye,
Manf
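
Added example, not part of the original message: the per-type rules from the reply collapsed into a single icmptypes list, followed by an explicit deny for every other incoming ICMP type, with the type list validated before it reaches ipfw. The dry-run default for fwcmd, the sample address and interface, the from/to direction of the outbound rule and the trailing deny rule are assumptions of this example.

```sh
#!/bin/sh
# Added example (assumptions: dry-run fwcmd, sample ip/eth, trailing deny rule).
fwcmd="${fwcmd:-echo ipfw}"   # dry run: prints commands; set fwcmd=/sbin/ipfw to apply
ip="${ip:-192.0.2.1}"         # constructed sample address (TEST-NET-1)
eth="${eth:-ed0}"             # constructed sample interface name

# Types taken from the message: 0 Echo Reply, 3 Destination Unreachable,
# 8 Echo, 11 Time Exceeded, 12 Parameter Problem.
ICMP_IN_TYPES="0,3,8,11,12"

# Accept only a comma-separated list of ICMP type numbers in 0..255,
# so nothing else can end up on the ipfw command line.
valid_icmp_types() {
    case "$1" in
        ''|*[!0-9,]*|,*|*,|*,,*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=,
    for t in $1; do
        [ "$t" -le 255 ] 2>/dev/null || { IFS=$old_ifs; return 1; }
    done
    IFS=$old_ifs
    return 0
}

icmp_rules() {
    types="${1:-$ICMP_IN_TYPES}"
    if ! valid_icmp_types "$types"; then
        echo "bad ICMP type list: $types" >&2
        return 1
    fi
    # Outbound ICMP sourced from this host (direction is an assumption).
    ${fwcmd} add allow icmp from $ip to any out via $eth
    # Inbound ICMP: only the listed types, logged as in the message.
    ${fwcmd} add allow log icmp from any to $ip in via $eth icmptypes $types
    # Every other inbound ICMP type is denied and logged.
    ${fwcmd} add deny log icmp from any to $ip in via $eth
}

icmp_rules
```

With the defaults the script only prints the three ipfw commands; rule order matters, so the deny must come after the allow.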