Date: Mon, 10 Dec 2001 01:10:05 -0800 (PST)
From: Jaron Omega <jaron@af-inet.net>
To: Mike D <d01f1n@yahoo.com>
Cc: <freebsd-security@FreeBSD.ORG>
Subject: Re: ICMP from within only
Message-ID: <Pine.BSF.4.33.0112100100570.32121-100000@mail.af-inet.net>
In-Reply-To: <20011210075231.JFSH3849.mta06-svc.ntlworld.com@there>

On Mon, 10 Dec 2001, Mike D wrote:

>Is it possible to define a rule that will allow through pings and
>traceroutes, but only the ones initiated from within the firewall?
>
>Thanks for any advice!

Yes via 'icmptypes' attribute.

fwcmd = /sbin/ipfw <- FreeBSD's firewall.

Allows YOU to ping, and run traceroute.
$fwcmd add <number> allow icmp from any to <IP> via <device> icmptypes 0,3,11

Denies others to ping you.
$fwcmd add <number> deny icmp from any to <IP> via <device> icmptypes 0,8

Allows pinging etc, from your personal network.
$fwcmd add <number> allow icmp from <internal network> to <internal IP> via <device> icmptypes 0,8

Jaron Omega
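
The three rules above, traced through a first-match evaluation for a handful of ICMP packets (an added example, not part of the original message, and it never calls ipfw). The addresses are constructed documentation values, the rules are assumed to be numbered in the order posted, and the `via <device>` match is not modelled.

```shell
#!/bin/sh
# Added example: models ipfw's first-match behaviour for the three ICMP rules
# in the message. Nothing here calls ipfw; it only evaluates the rule logic.
# Assumptions (constructed values): external IP 203.0.113.10, internal
# network 192.168.1.0/24 (matched as the prefix "192.168.1."), internal IP
# 192.168.1.1, rules numbered in the order posted, "via <device>" not modelled.
EXT_IP="203.0.113.10"
INT_NET="192.168.1."
INT_IP="192.168.1.1"

# action|source|destination|icmptypes
RULES="allow|any|$EXT_IP|0,3,11
deny|any|$EXT_IP|0,8
allow|$INT_NET|$INT_IP|0,8"

# verdict SRC DST ICMPTYPE
# Prints the action of the first rule that matches, or "no-match" when the
# packet would fall through to whatever rules come later in the set.
verdict() {
    v_src=$1; v_dst=$2; v_type=$3
    v_hit=$(printf '%s\n' "$RULES" |
        while IFS='|' read -r action rsrc rdst rtypes; do
            if [ "$rsrc" != "any" ]; then
                case "$v_src" in "$rsrc"*) ;; *) continue ;; esac
            fi
            [ "$v_dst" = "$rdst" ] || continue
            case ",$rtypes," in
                *",$v_type,"*) printf '%s\n' "$action"; break ;;
            esac
        done)
    printf '%s\n' "${v_hit:-no-match}"
}

# Constructed sample packets: source, destination, ICMP type, meaning.
while read -r src dst itype note; do
    printf '%-8s type %-2s %s -> %s (%s)\n' \
        "$(verdict "$src" "$dst" "$itype")" "$itype" "$src" "$dst" "$note"
done <<EOF
198.51.100.7 $EXT_IP 0 echo-reply-to-your-ping
198.51.100.7 $EXT_IP 11 time-exceeded-for-your-traceroute
198.51.100.7 $EXT_IP 3 unreachable-for-your-traceroute
198.51.100.7 $EXT_IP 8 echo-request-from-outside
192.168.1.20 $INT_IP 8 echo-request-from-internal-host
EOF
```

Type 0 is listed in both the first allow rule and the deny rule; with the rules in the order posted the allow matches first, so the deny rule in practice only stops type 8 (echo request) from outside.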