Re: IPFW and icmp
From: Kevin D. Kinsey, DaleCo, S.P. (kdk_at_daleco.biz)
Date: 09/02/04
Date: Thu, 02 Sep 2004 12:05:26 -0500 To: Dave <mudman@metafocus.net>
Dave wrote:
>I'm not a master of the internet RFCs, but I do believe icmp messages have
>different types.
>
>Now to enable traceroute for IPFW, I might put in a rule like this:
>
>ipfw add pass icmp from any to me
>
>However, how would I make a rule to limit icmp messages to just those used
>by traceroute? Can the messages be distinguished as such?
>
>
>
I use, thus far, "allow icmp from any to any icmptypes 0,3,4,8,11". That
includes 'echo request', of course. Someone else may have a better idea.
>A dynamic rule that exists only for the duration of a traceroute execution
>would be even better. I take it 'setup' or 'check-state' would follow in
>that case?
>
>
>
Seems likely. *sigh* one more manpage to read.... ;-)
Kevin Kinsey
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
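
Added example, not part of the message above or of the thread: a dry-run sh sketch that names the ICMP types in the quoted `icmptypes 0,3,4,8,11` rule and prints a narrower ICMP rule set for a host that only needs to run traceroute. The function names, the `FWCMD` variable and the rule numbers are assumptions, and the outbound UDP probes themselves are assumed to be allowed by other rules.

```sh
#!/bin/sh
# Added example. Dry run by default: rules are printed, not loaded.
# Set FWCMD=/sbin/ipfw on the FreeBSD host to install them.
FWCMD="${FWCMD:-echo ipfw}"

# Name an ICMP type number (only the types listed in the reply above).
icmp_type_name() {
    case "$1" in
        0)  echo "echo reply" ;;
        3)  echo "destination unreachable" ;;
        4)  echo "source quench" ;;   # deprecated by RFC 6633
        8)  echo "echo request" ;;
        11) echo "time exceeded" ;;
        *)  echo "type $1" ;;
    esac
}

# explain_icmptypes "0,3,4,8,11" -> one "number=name" line per type.
explain_icmptypes() {
    for t in $(echo "$1" | tr ',' ' '); do
        printf '%s=%s\n' "$t" "$(icmp_type_name "$t")"
    done
}

# traceroute_icmp_rules [BASE]: ICMP rules for a host that runs traceroute.
# BASE is a hypothetical starting rule number (default 1000).
traceroute_icmp_rules() {
    base="${1:-1000}"
    # Inbound answers to our probes:
    #   11 from each intermediate hop (TTL expired),
    #   3  from the target for UDP probes (port unreachable),
    #   0  from the target when probing with echo (traceroute -I).
    $FWCMD add "$base" allow icmp from any to me in icmptypes 0,3,11
    # Outbound echo request, needed only for traceroute -I and ping.
    $FWCMD add $((base + 10)) allow icmp from me to any out icmptypes 8
    # Log and drop every other ICMP message.
    $FWCMD add $((base + 20)) deny log icmp from any to any
}

explain_icmptypes "0,3,4,8,11"
traceroute_icmp_rules
```

Keeping type 3 inbound also keeps "fragmentation needed" messages, which path MTU discovery relies on.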