From owner-freebsd-questions@FreeBSD.ORG Fri Dec 2 04:37:35 2011 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AC467106575A for ; Fri, 2 Dec 2011 04:37:35 +0000 (UTC) (envelope-from bonomi@mail.r-bonomi.com) Received: from mail.r-bonomi.com (mx-out.r-bonomi.com [204.87.227.120]) by mx1.freebsd.org (Postfix) with ESMTP id 63E5A8FC0A for ; Fri, 2 Dec 2011 04:37:35 +0000 (UTC) Received: (from bonomi@localhost) by mail.r-bonomi.com (8.14.4/rdb1) id pB24dDA7006102 for freebsd-questions@freebsd.org; Thu, 1 Dec 2011 22:39:13 -0600 (CST) Date: Thu, 1 Dec 2011 22:39:13 -0600 (CST) From: Robert Bonomi Message-Id: <201112020439.pB24dDA7006102@mail.r-bonomi.com> To: freebsd-questions@freebsd.org In-Reply-To: <4ED84BDB.5010908@tundraware.com> Subject: Re: ipfw And ping X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Dec 2011 04:37:35 -0000 Tim Daneliuk wrote: > To: Robert Bonomi > Subject: Re: ipfw And ping > > On 12/01/2011 09:12 PM, Robert Bonomi wrote: > >> From tundra@tundraware.com Thu Dec 1 20:57:55 2011 > >> Date: Thu, 01 Dec 2011 20:56:03 -0600 > >> > >> Both. > > > > Then you want to allow icmp type 0, 3, 8, and 12 -- and type probably 11, > > too -- both ways. > > > Is there a reason to not use what I have already - i.e., To let all icmp > types flow in- and out? What's the downside of doing so? Some _can_ be used maliciously. e.g. REDIRECT