Date: Fri, 11 Jun 1999 16:06:02 -0700 (PDT) From: freebsd <freebsd@unreal.gatekeep.net> To: Nick Rogness <nick@rapidnet.com> Cc: "Jason L. Schwab" <jschwab@royal.net>, Pete Fritchman <petef@netreach.net>, ghandi@mindless.com, freebsd-security@FreeBSD.ORG Subject: Re: firewalls Message-ID: <Pine.BSF.4.05.9906111603370.37099-100000@unreal.gatekeep.net> In-Reply-To: <Pine.BSF.4.05.9906111701370.44102-100000@rapidnet.com>
next in thread | previous in thread | raw e-mail | index | archive | help
I suggest installing ICMP_BANDLIM into the kernel (gret LINT) and setting it to about 20... sysctl -w net.inet.icmp.icmplim=20 Also for syn floods, i suggest going to geek-girl.com and getting the new syn protection patch for FreeBSD, it works, you also set it via sysctl... On Fri, 11 Jun 1999, Nick Rogness wrote: > On Fri, 11 Jun 1999, Pete Fritchman wrote: > > > You probably just want to deny all icmp to your dialup. > > > > ipfw add deny icmp from any to any > > > Some online games rely on icmp packets to monitor > your speed to the server (eg. Quake2). With some > games this might be a problem. > > > > > > -------------------- > > [ Pete Fritchman ] > > [ Systems Engineer ] > > [petef@netreach.net] > > -------------------- > > > > On Fri, 11 Jun 1999, Jason L. Schwab wrote: > > > > > Date: Fri, 11 Jun 1999 14:21:27 -0700 (MST) > > > From: "Jason L. Schwab" <jschwab@royal.net> > > > To: ghandi@mindless.com > > > Cc: freebsd-security@FreeBSD.ORG > > > Subject: firewalls > > > > > > Dear all of you, > > > > > > What rules should i add to ipfw to make it to where no one can > > > Denial Of Service or D.o.S. me or any of those kinds of things? but i > > > wanna allow everything else thro. i'm on 56k dialup.. hope to be on > > > 256k once our phone company here gets it up and running... thanks > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > with "unsubscribe freebsd-security" in the body of the message > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > > > ******************************************************************* > Nick Rogness "Never settle with words what > System Administrator can be accomplished with a > RapidNet, INC flame-thrower" > nick@rapidnet.com > ******************************************************************* > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > Brandon Hicks - Gate Keeper Technologies www.gatekeep.net bhicks@gatekeep.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.9906111603370.37099-100000>