Re: IPFW and icmp
From: Kevin D. Kinsey, DaleCo, S.P. (kdk_at_daleco.biz)
Date: Thu, 02 Sep 2004 12:05:26 -0500 To: Dave <firstname.lastname@example.org>
>I'm not a master of the internet RFCs, but I do believe icmp messages have
>Now to enable traceroute for IPFW, I might put in a rule like this:
>ipfw add pass icmp from any to me
>However, how would I make a rule to limit icmp messages to just those used
>by traceroute? Can the messages be distinguished as such?
I use, thus far, "allow icmp from any to any icmptypes 0,3,4,8,11". That
include 'echo request', of course. Someone else may have a better idea.
>A dynamic rule that exists only for the duration of a traceroute execution
>would be even better. I take it 'setup' or 'check-state' would follow in
Seems likely. *sigh* one more manpage to read.... ;-)
email@example.com mailing list
To unsubscribe, send any mail to "firstname.lastname@example.org"