icmp packets - disabling via sysctl, or cisco switch ... ?
Chuck Swiger
cswiger at mac.com
Fri Jul 28 14:47:20 UTC 2006
Bill Moran wrote:
> User Freebsd wrote:
>> Two part question here ...
>>
>> first part ... is there a way of just disabling icmp by setting a
>> sysctl, so that a server just doesn't respond to them?
>>
>> second part ... is there a way of telling a cisco switch to drop all
>> icmp packets, preferably to all but an exception list, but to
>> everywhere works as well ...
>
> Sure, just uninstall TCP/IP. ICMP isn't needed unless you're using
> TCP/IP.
:-) I was going to express the same idea a bit more politely...
Try running "tcpdump -nt icmp" and paying attention to what is going on;
blocking all ICMP traffic on an internet router will completely break PMTU
discovery and cause hatred and discontent for normal TCP/IP operations, too.
--
-Chuck
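
To make the PMTU point concrete, here is an added example that is not part of the original thread: it decodes ICMPv4 headers like those "tcpdump -nt icmp" would show and reports which messages a filter would drop. The ESSENTIAL allow-list, the function names and the sample packets are constructed assumptions for illustration.

```python
import struct

# Constructed allow-list (an assumption of this example, not from the thread):
# ICMPv4 (type, code) pairs this example treats as ones a filter must keep.
ESSENTIAL = {
    (3, 4): "fragmentation needed (PMTU discovery, RFC 1191)",
    (11, 0): "time exceeded in transit",
}

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type: int, code: int, rest: bytes, payload: bytes) -> bytes:
    """Build a sample ICMP message; `rest` is header bytes 4-7."""
    body = struct.pack("!BBH", icmp_type, code, 0) + rest + payload
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

def parse_icmp(msg: bytes) -> dict:
    """Decode the 8-byte ICMP header and the next-hop MTU where present."""
    if len(msg) < 8:
        raise ValueError("ICMP message shorter than its 8-byte header")
    icmp_type, code, _csum, _unused, mtu = struct.unpack("!BBHHH", msg[:8])
    key = (icmp_type, code)
    return {"type": icmp_type, "code": code,
            "checksum_ok": inet_checksum(msg) == 0,
            "next_hop_mtu": mtu if key == (3, 4) else None,
            "role": ESSENTIAL.get(key, "not essential")}

def lost_essentials(messages, allowed) -> list:
    """Roles of essential messages dropped by a filter passing only `allowed`."""
    keys = [(m["type"], m["code"]) for m in map(parse_icmp, messages)]
    return [ESSENTIAL[k] for k in keys if k in ESSENTIAL and k not in allowed]

# Constructed samples: a router reporting next-hop MTU 1400, and an echo request.
QUOTED = bytes(28)  # stand-in for the quoted IP header + 8 bytes of the datagram
SAMPLES = [build_icmp(3, 4, struct.pack("!HH", 0, 1400), QUOTED),
           build_icmp(8, 0, struct.pack("!HH", 0x1234, 1), b"ping")]

if __name__ == "__main__":
    print(lost_essentials(SAMPLES, allowed=set()))           # drop-all filter
    print(lost_essentials(SAMPLES, allowed=set(ESSENTIAL)))  # echo dropped only
```

With the drop-all filter the fragmentation-needed message is lost, so the sender never learns the 1400-byte next-hop MTU; the second policy still discards the echo request while keeping that message.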
More information about the freebsd-questions
mailing list