Date: Fri, 30 Mar 2001 19:13:43 -0800 From: Sean Chittenden <sean-freebsd-ipfw@chittenden.org> To: Nick Rogness <nick@rogness.net> Cc: alexus <ml@db.nexgen.com>, freebsd-ipfw@FreeBSD.ORG Subject: Re: your mail Message-ID: <20010330191343.E423@rand.tgd.net> In-Reply-To: <Pine.BSF.4.21.0103302108360.86494-100000@cody.jharris.com>; from "nick@rogness.net" on Fri, Mar 30, 2001 at = 09:12:15PM References: <20010330185303.D423@rand.tgd.net> <Pine.BSF.4.21.0103302108360.86494-100000@cody.jharris.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--zaRBsRFn0XYhEU69 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable > > ICMP type 0: echo reply > > ICMP type 8: echo request > >=20 > > Why not do the following? > >=20 > > allow outgoing icmp type 8 from host > > deny incoming icmp type 8 from anywhere >=20 > Well, you can ;-) But what about hosts that are using your BSD > firewall machine as a router to the internet? Allow icmp type 8 from the netblock behind the bsd system, or allow in via fxp1 and block via fxp0.... or use ipfilter and keep state.... has anyone had any luck using the dynamic rules in ipfw? I moved to ipfilter before I got real deep w/ them. How does that functionality stack up with the state table in ipfilter? In any event, it's Friday, we're splitting hairs and I think a Guinness is in order... ::grin:: -sc --=20 Sean Chittenden --zaRBsRFn0XYhEU69 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Comment: Sean Chittenden <sean@chittenden.org> iEYEARECAAYFAjrFS2YACgkQn09c7x7d+q3T3wCfZGVdbPoBRpvNpLrpdNccgc3x xjsAn1iuIbFMzJak6vThPtQ9i2A0hdQY =TtSN -----END PGP SIGNATURE----- --zaRBsRFn0XYhEU69-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010330191343.E423>