Date:      Tue, 19 Jan 1999 14:04:07 GMT
From:      r.yeardley@hunter13.com (Richard Yeardley)
To:        freebsd-security@FreeBSD.ORG
Subject:   Re: ipfw filters for icmp which don't break things - Was: Re: Small Servers - ICMP Redirect
Message-ID:  <36a59038.350804179@smtp.dial.pipex.com>
In-Reply-To: <4.1.19990119010408.02c0d7d0@195.250.206.101>
References:  <19990117194706.H97318@oreo.adsu.bellsouth.com> <007701be4256$f01ff740$02c3fe90@cisco.com> <Pine.BSF.3.96.990118085344.15297A-100000@enya.clari.net.au> <19990117185047.A97318@oreo.adsu.bellsouth.com> <199901180030.QAA54407@apollo.backplane.com> <19990117194706.H97318@oreo.adsu.bellsouth.com> <4.1.19990119010408.02c0d7d0@195.250.206.101>

Here's a snippet from my rc.firewall - it allows outgoing pings and
traceroutes (and their appropriate return values) but doesn't allow
anyone to ping my LAN from the internet.

$iif is set to ed0
$oif is set to tun0

# Allow any ICMP packets to pass on inside i/f

$fwcmd add pass icmp from any to any via ${iif}   

# Allow outbound pings

$fwcmd add pass icmp from any to any in recv ${oif} icmptypes 0
$fwcmd add pass icmp from any to any out xmit ${oif} icmptypes 8

# Allow outbound traceroutes

$fwcmd add pass icmp from any to any in recv ${oif} icmptypes 3
$fwcmd add pass icmp from any to any in recv ${oif} icmptypes 11


On Tue, 19 Jan 1999 01:06:32 +0100, it was written:

>
>Would some kind soul provide ipfw filters for icmp with some comments so
>people can copy them and enable only what they think is useful/needed for
>them? I'm sure something like this would be good - probably also good for
>handbook.
>
>Tomaz
>----
>Tomaz Borstnar <tomaz.borstnar@over.net>
>"Love is the answer to the final question you ask" - Unknown
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message
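
A dry run of the rules in the message above, as an added example that is not part of the original post: `fwcmd` is pointed at `echo` so nothing touches the firewall, and a hypothetical `verdict` helper applies ipfw's first-match order to a constructed packet (direction, interface, ICMP type). The final `deny` rule is an assumption standing in for a default-deny policy elsewhere in rc.firewall; the posted rules are all `pass` rules, so on their own they do not drop inbound echo requests on `tun0`.

```sh
#!/bin/sh
# Added example, not from the original message. Dry run only: fwcmd prints
# each rule instead of calling ipfw.
iif="ed0"; oif="tun0"          # interface names given in the post
fwcmd="echo ipfw"

icmp_rules() {
    $fwcmd add pass icmp from any to any via ${iif}
    $fwcmd add pass icmp from any to any in recv ${oif} icmptypes 0
    $fwcmd add pass icmp from any to any out xmit ${oif} icmptypes 8
    $fwcmd add pass icmp from any to any in recv ${oif} icmptypes 3
    $fwcmd add pass icmp from any to any in recv ${oif} icmptypes 11
    # Assumption: explicit stand-in for a default-deny policy later in the file
    $fwcmd add deny icmp from any to any via ${oif}
}

# verdict DIR IFACE TYPE (hypothetical helper): prints the action of the
# first rule matching a constructed ICMP packet, e.g. "verdict in tun0 8".
verdict() {
    dir=$1; ifc=$2; type=$3
    while read -r rule; do
        case "$rule" in
            *" via $ifc"*) ;;                              # either direction
            *" $dir recv $ifc"*|*" $dir xmit $ifc"*) ;;    # direction + interface
            *) continue ;;
        esac
        case "$rule" in *icmptypes*)
            case ",${rule##*icmptypes }," in
                *",$type,"*) ;;
                *) continue ;;
            esac ;;
        esac
        set -- $rule          # words: ipfw add <action> ...
        echo "$3"; return 0
    done <<EOF
$(icmp_rules)
EOF
    echo "no-match"           # fate decided by rules outside this fragment
}

icmp_rules
for pkt in "out $oif 8" "in $oif 0" "in $oif 11" "in $oif 8" "in $iif 8"; do
    echo "$pkt -> $(verdict $pkt)"
done
```

Deleting the assumed `deny` line and re-running shows `in tun0 8` falling through as `no-match`, which is the case to check against the rest of the rule set.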




