Date: Thu, 1 Dec 2011 22:39:13 -0600 (CST) From: Robert Bonomi <bonomi@mail.r-bonomi.com> To: freebsd-questions@freebsd.org Subject: Re: ipfw And ping Message-ID: <201112020439.pB24dDA7006102@mail.r-bonomi.com> In-Reply-To: <4ED84BDB.5010908@tundraware.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Tim Daneliuk <tundra@tundraware.com> wrote: > To: Robert Bonomi <bonomi@mail.r-bonomi.com> > Subject: Re: ipfw And ping > > On 12/01/2011 09:12 PM, Robert Bonomi wrote: > >> From tundra@tundraware.com Thu Dec 1 20:57:55 2011 > >> Date: Thu, 01 Dec 2011 20:56:03 -0600 > >> > >> Both. > > > > Then you want to allow icmp type 0, 3, 8, and 12 -- and type probably 11, > > too -- both ways. > > > Is there a reason to not use what I have already - i.e., To let all icmp > types flow in- and out? What's the downside of doing so? Some _can_ be used maliciously. e.g. REDIRECT
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201112020439.pB24dDA7006102>