Date: Fri, 28 Jul 2006 10:47:01 -0400
From: Chuck Swiger <cswiger@mac.com>
To: freebsd-questions@freebsd.org
Cc: Bill Moran <wmoran@collaborativefusion.com>, User Freebsd <freebsd@hub.org>
Subject: Re: icmp packets - disabling via sysctl, or cisco switch ... ?
Message-ID: <44CA2365.4040907@mac.com>
In-Reply-To: <44CA0156.6000707@collaborativefusion.com>
References: <20060728001202.W17979@ganymede.hub.org> <44CA0156.6000707@collaborativefusion.com>

Bill Moran wrote:
> User Freebsd wrote:
>> Two part question here ...
>>
>> first part ... is there a way of just disabling icmp by setting a
>> sysctl, so that a server just doesn't respond to them?
>>
>> second part ... is there a way of telling a cisco switch to drop all
>> icmp packets, preferably to all but an exception list, but to
>> everywhere works as well ...
>
> Sure, just uninstall TCP/IP.  ICMP isn't needed unless you're using
> TCP/IP. :-)

I was going to express the same idea a bit more politely...

Try running "tcpdump -nt icmp" and paying attention to what is going on; blocking all ICMP traffic on an internet router will completely break PMTU discovery and cause hatred and discontent for normal TCP/IP operations, too.

-- 
-Chuck
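
Added example, not part of the original message: a Python sketch of what a path-MTU-discovery sender reads out of the ICMP "fragmentation needed" message (type 3, code 4, RFC 1191), and what it learns when a filter drops all ICMP. The addresses, ports, MTU value and function names are constructed for illustration.

```python
import socket
import struct

FRAG_NEEDED = (3, 4)  # type 3 code 4: "fragmentation needed and DF set" (RFC 1191)

def parse_icmp(msg: bytes) -> dict:
    """Parse an ICMPv4 message that starts at the ICMP header."""
    if len(msg) < 8:
        raise ValueError("ICMP header is 8 bytes")
    icmp_type, code, _cksum, _unused, mtu = struct.unpack("!BBHHH", msg[:8])
    info = {"type": icmp_type, "code": code, "pmtud": (icmp_type, code) == FRAG_NEEDED}
    quoted = msg[8:]  # error messages quote the dropped datagram's IP header + 8 bytes
    if info["pmtud"] and len(quoted) >= 20:
        ihl = (quoted[0] & 0x0F) * 4
        info["next_hop_mtu"] = mtu
        info["flow_src"] = socket.inet_ntoa(quoted[12:16])
        info["flow_dst"] = socket.inet_ntoa(quoted[16:20])
        if quoted[9] == 6 and len(quoted) >= ihl + 4:  # protocol 6 = TCP
            info["sport"], info["dport"] = struct.unpack("!HH", quoted[ihl:ihl + 4])
    return info

def mtu_hints_delivered(messages, drop_all_icmp: bool) -> list:
    """Return the path-MTU values a sender still learns under a filter policy."""
    if drop_all_icmp:
        return []  # the sender keeps retransmitting full-size segments: a PMTU black hole
    return [p["next_hop_mtu"] for p in map(parse_icmp, messages) if p["pmtud"]]

def build_frag_needed(mtu, src, dst, sport, dport) -> bytes:
    """Construct a sample message (checksums left at zero; not validated here)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 0, 0x4000, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHI", sport, dport, 0)
    return struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + ip + tcp

# Constructed sample traffic: one echo request and one PMTUD error from a router.
SAMPLE = [
    struct.pack("!BBHHH", 8, 0, 0, 1, 1) + b"ping",
    build_frag_needed(1400, "192.0.2.10", "198.51.100.20", 49152, 443),
]

if __name__ == "__main__":
    for m in SAMPLE:
        print(parse_icmp(m))
    print("drop all ICMP :", mtu_hints_delivered(SAMPLE, True))
    print("allow ICMP    :", mtu_hints_delivered(SAMPLE, False))
```

A filter that has to restrict ICMP can use the same type/code test to keep type 3 code 4 on the allow list while dropping what it does not need.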