Suggestion regarding a new option for IPFW2
Sten Daniel Sørsdal
sten.daniel.sorsdal at wan.no
Fri Aug 1 07:46:00 PDT 2003
I have a humble suggestion to an IPFW2 option.
The option to send icmp error messages/tcp resets with src being
the original destination of the offending packet.
I realize after looking at the src's that this might require a
separate icmp_error() - please correct me if i'm wrong!
The intent is to "disguise" the source of the error message for
forwarding firewalls protecting servers.
Im thinking of a function like the one that is found in ipfilter.
Is this an option the community would appreciate?
Any thoughts and suggestions appreciated.
-- Sten
More information about the freebsd-ipfw
mailing list