Blocking Virus ICMP flood
Don Bowman
don at sandvine.com
Mon Aug 25 06:51:16 PDT 2003
> From: User Ernie [mailto:ernie at spooky.eis.net.au]
> [ Charset ISO-8859-1 unsupported, converting... ]
> > > From: User Ernie [mailto:ernie at spooky.eis.net.au]
> > >
> > > Does anyone know if ipfw can do someting similar to:
> > >
> > > deny icmp any any echo tos min-delay
> > >
> > > Which is the Cisco command I use to try and limit the flood
> > > style icmp traffic from the
> > > recent Internet viruses.
> > >
> > > - Ernie.
> >
> > ipfw add deny icmp from any to any icmptypes 0,8 iptos lowdelay
> >
> I tried that but it gives me the following error:
>
> ipfw: unknown or out of order argument `iptos''
>
>
> Does it depend on FreeBSD version? I am running 4.8-STABLE
I have IPFW2 option enabled, that may be required.
More information about the freebsd-isp
mailing list