From owner-freebsd-questions  Mon Aug 20 14: 1:33 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from ren.sasknow.com (ren.sasknow.com [207.195.92.131])
	by hub.freebsd.org (Postfix) with ESMTP id BEA5337B407
	for <questions@FreeBSD.ORG>; Mon, 20 Aug 2001 14:01:28 -0700 (PDT)
	(envelope-from ryan@sasknow.com)
Received: from localhost (ryan@localhost)
	by ren.sasknow.com (8.9.3/8.9.3) with ESMTP id PAA88053;
	Mon, 20 Aug 2001 15:01:16 -0600 (CST)
	(envelope-from ryan@sasknow.com)
Date: Mon, 20 Aug 2001 15:01:16 -0600 (CST)
From: Ryan Thompson <ryan@sasknow.com>
To: klein brock <getzz1@yahoo.com>
Cc: questions@FreeBSD.ORG
Subject: Re: firewall ?
In-Reply-To: <20010820204712.42186.qmail@web20105.mail.yahoo.com>
Message-ID: <Pine.BSF.4.21.0108201457560.87534-100000@ren.sasknow.com>
Organization: SaskNow Technologies [www.sasknow.com]
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

klein brock wrote to Ryan Thompson:

> if i do that, can i still have a httpd & sendmail
> running under that ip ?

You can just block ICMP packets, i.e.,

/sbin/ipfw add 2000 unreach host icmp from any to 1.1.1.1

So the host isn't really unreachable, but the firewall will 
report it as such on ICMP requests.

Or, read ipfw(8) to specify which types of icmp to allow, 
e.g., to only do this with echo requests.

- Ryan


> --- Ryan Thompson <ryan@sasknow.com> wrote:
> > klein brock wrote to questions@FreeBSD.ORG:
> > 
> > > how do i do with my ipfw to have the result like
> > this:
> > > 
> > > #ping 1.1.1.1
> > > 
> > > PING 1.1.1.1 (1.1.1.1): 56 data bytes
> > > 36 bytes from 1.1.1.1
> > > (1.1.1.1): Destination Host Unreachable
> > 
> > /sbin/ipfw add 2000 unreach host ip from any to
> > 1.1.1.1
> > 
> > 
> > > Thanks.
> > 
> > Hope this helps,
> > 
> > - Ryan
> > 
> > 
> > -- 
> >   Ryan Thompson <ryan@sasknow.com>
> >   Network Administrator, Accounts
> > 
> >   SaskNow Technologies - http://www.sasknow.com
> >   #106-380 3120 8th St E - Saskatoon, SK - S7H 0W2
> > 
> >         Tel: 306-664-3600   Fax: 306-664-1161  
> > Saskatoon
> >   Toll-Free: 877-727-5669     (877-SASKNOW)    
> > North America
> > 
> 
> 
> __________________________________________________
> Do You Yahoo!?
> Make international calls for as low as $.04/minute with Yahoo! Messenger
> http://phonecard.yahoo.com/
> 

-- 
  Ryan Thompson <ryan@sasknow.com>
  Network Administrator, Accounts

  SaskNow Technologies - http://www.sasknow.com
  #106-380 3120 8th St E - Saskatoon, SK - S7H 0W2

        Tel: 306-664-3600   Fax: 306-664-1161   Saskatoon
  Toll-Free: 877-727-5669     (877-SASKNOW)     North America


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message