Date: Sat, 21 Nov 1998 12:39:15 +0000 From: Karl Pielorz <kpielorz@tdx.co.uk> To: Brian Gallucci <brian@briang.org> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: ICMP Message-ID: <3656B473.896FD2D@tdx.co.uk> References: <000901be153b$273fd0e0$2900a8c0@desktop.briang.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Brian Gallucci wrote: > > Which one of these would I use if I whanted to stop poeple from doing a port > scan on my boxes, > but at the same time not stopping me from be able to ping out.... > This is the rule I'm using " ipfw add 3400 deny log icmp from any to > 24.1.88.78 icmptype ? " > > [snip] This isn't really a FreeBSD issue - if you want to stop people from ping'ing you, and yet be able to ping out - you need to look at ICMP Echo's - Allow the ICMP ECHO's out, but deny them IN (as well as some other ICMP, e.g. source routing etc.) You need to do some more reasearch on the net, or better - if you can, buy a book... /etc/rc.firewall lists 2 excellent books on the subject, Regards, Karl To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3656B473.896FD2D>