From owner-freebsd-questions@FreeBSD.ORG Fri Jul 28 03:26:59 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5457C16A4DA for ; Fri, 28 Jul 2006 03:26:59 +0000 (UTC) (envelope-from freebsd@hub.org) Received: from hub.org (hub.org [200.46.204.220]) by mx1.FreeBSD.org (Postfix) with ESMTP id CF3A643D46 for ; Fri, 28 Jul 2006 03:26:58 +0000 (GMT) (envelope-from freebsd@hub.org) Received: from localhost (mx1.hub.org [200.46.208.251]) by hub.org (Postfix) with ESMTP id A737A291B04 for ; Fri, 28 Jul 2006 00:26:54 -0300 (ADT) Received: from hub.org ([200.46.204.220]) by localhost (mx1.hub.org [200.46.208.251]) (amavisd-new, port 10024) with ESMTP id 93661-03 for ; Fri, 28 Jul 2006 00:26:54 -0300 (ADT) Received: from ganymede.hub.org (blk-224-179-167.eastlink.ca [24.224.179.167]) by hub.org (Postfix) with ESMTP id 34204290C6A for ; Fri, 28 Jul 2006 00:26:23 -0300 (ADT) Received: by ganymede.hub.org (Postfix, from userid 1027) id 68D265CA28; Fri, 28 Jul 2006 00:26:06 -0300 (ADT) Received: from localhost (localhost [127.0.0.1]) by ganymede.hub.org (Postfix) with ESMTP id 6755F5C9CE for ; Fri, 28 Jul 2006 00:26:06 -0300 (ADT) Date: Fri, 28 Jul 2006 00:26:06 -0300 (ADT) From: User Freebsd To: freebsd-questions@freebsd.org In-Reply-To: <20060728001202.W17979@ganymede.hub.org> Message-ID: <20060728002433.E17979@ganymede.hub.org> References: <20060728001202.W17979@ganymede.hub.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Subject: Re: icmp packets - disabling via sysctl, or cisco switch ... ? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 28 Jul 2006 03:26:59 -0000 Just an appendum, but this is what I'm seeing in /var/log/messages right now: Jul 28 00:22:37 io kernel: Limiting icmp unreach response from 6255 to 200 packets/sec Jul 28 00:22:38 io kernel: Limiting icmp unreach response from 6515 to 200 packets/sec Jul 28 00:22:39 io kernel: Limiting icmp unreach response from 6646 to 200 packets/sec ^C And its been going on for several hours now ... :( On Fri, 28 Jul 2006, User Freebsd wrote: > > Two part question here ... > > first part ... is there a way of just disabling icmp by setting a sysctl, so > that a server just doesn't respond to them? > > second part ... is there a way of telling a cisco switch to drop all icmp > packets, preferrably to all but an exception list, but to everywhere works as > well ... > > I'm running a Cisco 2950-24 ... > > thanks ... > > ---- > Marc G. Fournier Hub.Org Networking Services (http://www.hub.org) > Email . scrappy@hub.org MSN . scrappy@hub.org > Yahoo . yscrappy Skype: hub.org ICQ . 7615664 > ---- Marc G. Fournier Hub.Org Networking Services (http://www.hub.org) Email . scrappy@hub.org MSN . scrappy@hub.org Yahoo . yscrappy Skype: hub.org ICQ . 7615664