Date: Tue, 12 Aug 2003 00:28:40 GMT From: Mark <admin@asarian-host.net> To: <freebsd-questions@freebsd.org> Subject: Re: Restricting ICMP Message-ID: <200308120028.H7C0SDXS058360@asarian-host.net> References: <200308120023.H7C0MXXS058110@asarian-host.net>
next in thread | previous in thread | raw e-mail | index | archive | help
----- Original Message -----
From: "Mark" <admin@asarian-host.net>
To: <freebsd-questions@freebsd.org>
Sent: Tuesday, August 12, 2003 2:23 AM
Subject: Restricting ICMP
> Hello,
>
> Is there a way I can use ipfw to disallow ICMP from anyone, but
> root? (FreeBSD 4.7R) I tried this:
>
> ${fwcmd} -q add 4 allow icmp from any to any icmptype 0,3,8,11 in
> via ${outside}
> ${fwcmd} -q add 4 allow icmp from any to any uid root
> ${fwcmd} -q add 4 deny log icmp from any to any
>
> But that, obviously, does not do what I want it to, as it keeps
> denying everything going out. It may not even be possible to
> restrict ICMP that way, but it never hurts to ask. :)
Sorry for the addendum; but I was not entirely clear. I want to restrict
*outgoing* ICMP (traceroute and such) to anyone, but root.
- Mark
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200308120028.H7C0SDXS058360>