ICMP traffic
Charles Lacroix
clacroix at cegep-ste-foy.qc.ca
Mon Aug 14 14:28:38 UTC 2006
On Monday 14 August 2006 09:42, Cristiano Deana wrote:
> 2006/8/14, Charles Lacroix <clacroix at cegep-ste-foy.qc.ca>:
> > i was wondering which icmp type packets people accepted on there
> > production servers.
>
> did you read firewall(7) ?
I just checked it and it's talking about ipfw, i searched the man page for
icmp rules and found this little block.
Thanks for the hint.
# It is important to allow certain ICMP types through, here is a list
# of general ICMP types. Note that it is important to let ICMP type 3
# through.
#
# 0 Echo Reply
# 3 Destination Unreachable (used by TCP MTU discovery, aka
# packet-too-big)
# 4 Source Quench (typically not allowed)
# 5 Redirect (typically not allowed - can be dangerous!)
# 8 Echo
# 11 Time Exceeded
# 12 Parameter Problem
# 13 Timestamp
# 14 Timestamp Reply
#
# Sometimes people need to allow ICMP REDIRECT packets, which is
# type 5, but if you allow it make sure that your Internet router
# disallows it.
--
Charles Lacroix, Administrateur UNIX.
Service des télécommunications et des technologies
Cégep de Sainte-Foy
(418) 659-6600 # 4266
More information about the freebsd-pf
mailing list