Restricting ICMP
Andy Farkas
andyf at speednet.com.au
Tue Aug 12 19:41:25 PDT 2003
>
> Is there a way I can use ipfw to disallow ICMP from anyone, but root?
> (FreeBSD 4.7R) I tried this:
>
> ${fwcmd} -q add 4 allow icmp from any to any icmptype 0,3,8,11 in via
> ${outside}
> ${fwcmd} -q add 4 allow icmp from any to any uid root
> ${fwcmd} -q add 4 deny log icmp from any to any
man ipfw says:
uid user
Match all TCP or UDP packets sent by or received for a user. A
user may be matched by name or identification number.
..which sort of implies it wont work for icmp.
Why would you want this policy?
--
:{ andyf at speednet.com.au
Andy Farkas
System Administrator
Speednet Communications
http://www.speednet.com.au/
More information about the freebsd-questions
mailing list