ipfw And ping
Michael Sierchio
kudzu at tenebras.com
Fri Dec 2 02:50:27 UTC 2011
You can rate-limit pings and other icmp with sysctl nodes (sysctl
net.inet.icmp )
You can make the rule a little more restrictive:
add allow icmp from any to any icmptypes 0,3,8,11
if you want to disallow echo requests, omit 8 - the others are
essential for most things to work properly or to diagnose problems.
On Thu, Dec 1, 2011 at 3:25 PM, Tim Daneliuk <tundra at tundraware.com> wrote:
> I have a fairly restrictive ipfw setup on a FBSD 8.2-STABLE machine.
> Pings were not getting through so I added this near the top
> of the rule set:
>
> #####
> # Allow icmp
> #####
>
> ${FWCMD} add allow icmp from any to any
>
>
> It does work but, two questions:
>
> 1) Is there a better way?
> 2) Will this cause harm or otherwise expose the server to some
> vulnerability?
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
More information about the freebsd-questions
mailing list