ipfw And ping

Michael Sierchio kudzu at tenebras.com
Fri Dec 2 02:50:27 UTC 2011

You can rate-limit pings and other ICMP with sysctl nodes (sysctl
net.inet.icmp).

You can make the rule a little more restrictive:

add allow icmp from any to any icmptypes 0,3,8,11

If you want to disallow echo requests, omit 8 - the others are
essential for most things to work properly or to diagnose problems.

On Thu, Dec 1, 2011 at 3:25 PM, Tim Daneliuk <tundra at tundraware.com> wrote:
> I have a fairly restrictive ipfw setup on a FBSD 8.2-STABLE machine.
> Pings were not getting through so I added this near the top
> of the rule set:
>  #####
>  # Allow icmp
>  #####
>  ${FWCMD} add allow icmp from any to any
> It does work but, two questions:
> 1) Is there a better way?
> 2) Will this cause harm or otherwise expose the server to some
> vulnerability?

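An added example, not part of the thread and not written by either poster: a small sh/awk check that reads firewall-script rule lines and flags ICMP allow rules broader than the `icmptypes 0,3,8,11` set suggested in the reply. The one-rule-per-line input format, the function names and the sample rules are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): lint ipfw rule lines for ICMP
# allow rules broader than the 0,3,8,11 set suggested in the reply.
# Assumed input: one rule per line, as written in a firewall script,
# e.g. "${FWCMD} add allow icmp from any to any".
#   0 echo reply, 3 destination unreachable, 8 echo request, 11 time exceeded

audit_icmp_rules() {
    awk '
    BEGIN { split("0 3 8 11", a, " "); for (k in a) ok[a[k]] = 1 }
    /^[ \t]*#/ { next }                      # skip comment lines
    {
        proto = 0; types = ""; action = ""
        for (i = 1; i <= NF; i++) {
            # allow, accept, pass and permit are synonyms in ipfw(8)
            if ($i == "allow" || $i == "accept" || $i == "pass" || $i == "permit")
                action = "allow"
            if ($i == "icmp") proto = 1
            if ($i == "icmptypes" && i < NF) types = $(i + 1)
        }
        if (!proto || action != "allow") next
        if (types == "") { print NR ": BROAD all ICMP types allowed"; next }
        n = split(types, t, ","); extra = ""; has8 = 0
        for (i = 1; i <= n; i++) {
            if (!(t[i] in ok)) extra = extra (extra == "" ? "" : ",") t[i]
            if (t[i] == 8) has8 = 1
        }
        if (extra != "") print NR ": EXTRA types " extra
        else print NR ": OK types " types (has8 ? " (echo requests accepted)" : " (echo requests not matched)")
    }'
}

# Constructed sample rules, not taken from any real ruleset.
sample_rules() {
    cat <<'EOF'
add allow icmp from any to any
add allow icmp from any to any icmptypes 0,3,8,11
add allow icmp from any to any icmptypes 0,3,11
add allow icmp from any to any icmptypes 0,3,5,8,11
add deny tcp from any to any 23
EOF
}

sample_rules | audit_icmp_rules
```

A rule reported as "not matched" only means this rule does not accept echo requests; whether they are dropped depends on the rest of the ruleset.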