From: Tim Daneliuk
Date: Thu, 01 Dec 2011 20:56:03 -0600
To: Robert Bonomi
Cc: freebsd-questions@freebsd.org
Subject: Re: ipfw And ping
Message-ID: <4ED83E43.4080108@tundraware.com>
In-Reply-To: <201112020256.pB22uFTL005227@mail.r-bonomi.com>

On 12/01/2011 08:56 PM, Robert Bonomi wrote:
>> From owner-freebsd-questions@freebsd.org Thu Dec 1 17:27:19 2011
>> Date: Thu, 01 Dec 2011 17:25:04 -0600
>> From: Tim Daneliuk
>> To: FreeBSD Mailing List
>> Subject: ipfw And ping
>>
>> I have a fairly restrictive ipfw setup on a FBSD 8.2-STABLE machine.
>> Pings were not getting through so I added this near the top
>> of the rule set:
>>
>> #####
>> # Allow icmp
>> #####
>>
>> ${FWCMD} add allow icmp from any to any
>>
>>
>> It does work but, two questions:
>>
>> 1) Is there a better way?
>> 2) Will this cause harm or otherwise expose the server to some vulnerability?
>
> FIRST question: Are you trying to make _outgoing_ ping work, or let the
> outside world 'ping' internal machines on your network? What you wrote
> is not clear on this point.

Both.