Restricting ICMP

Andy Farkas andyf at
Tue Aug 12 19:41:25 PDT 2003

> Is there a way I can use ipfw to disallow ICMP from anyone, but root?
> (FreeBSD 4.7R) I tried this:
> ${fwcmd} -q add 4 allow icmp from any to any icmptype 0,3,8,11 in via
> ${outside}
> ${fwcmd} -q add 4 allow icmp from any to any uid root
> ${fwcmd} -q add 4 deny log icmp from any to any

man ipfw says:

  uid user
    Match all TCP or UDP packets sent by or received for a user. A
    user may be matched by name or identification number.

..which sort of implies it won't work for icmp.

Why would you want this policy?


 :{ andyf at

        Andy Farkas
    System Administrator
   Speednet Communications

More information about the freebsd-questions mailing list