From owner-freebsd-security  Fri Jun 11 20:53:34 1999
Delivered-To: freebsd-security@freebsd.org
Received: from ns.mt.sri.com (unknown [206.127.79.91])
	by hub.freebsd.org (Postfix) with ESMTP id 2808514F26
	for <freebsd-security@FreeBSD.ORG>; Fri, 11 Jun 1999 20:53:31 -0700 (PDT)
	(envelope-from nate@mt.sri.com)
Received: from mt.sri.com (rocky.mt.sri.com [206.127.76.100])
	by ns.mt.sri.com (8.8.8/8.8.8) with SMTP id VAA01661;
	Fri, 11 Jun 1999 21:53:07 -0600 (MDT)
	(envelope-from nate@rocky.mt.sri.com)
Received: by mt.sri.com (SMI-8.6/SMI-SVR4)
	id VAA23229; Fri, 11 Jun 1999 21:53:06 -0600
Date: Fri, 11 Jun 1999 21:53:06 -0600
Message-Id: <199906120353.VAA23229@mt.sri.com>
From: Nate Williams <nate@mt.sri.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
To: Pete Fritchman <petef@netreach.net>
Cc: Ruslan Ermilov <ru@ucb.crimea.ua>,
	"Jason L. Schwab" <jschwab@royal.net>, ghandi@mindless.com,
	freebsd-security@FreeBSD.ORG
Subject: Re: firewalls
In-Reply-To: <Pine.LNX.3.96.990611202315.5891A-100000@static-petef.netreach.net>
References: <19990612004633.A29090@relay.ucb.crimea.ua>
	<Pine.LNX.3.96.990611202315.5891A-100000@static-petef.netreach.net>
X-Mailer: VM 6.34 under 19.16 "Lille" XEmacs Lucid
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

[ blocking all ICMP packets ]
> I did it before and it worked fine.

It will affect people trying to connect to you though.  *DON'T* firewall
something unless you know the effects of it.  Blocking all ICMP is a
violation of RFC, and shows that you don't understand how TCP/IP works.

*MOST* of the ICMP types can be blocked, but not all of them.



Nate



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message