On 12/04/2011 01:04 AM, Ian Smith wrote:
<SNIP>
>
> For one, google 'icmp redirect attack'
But isn't that handled by setting:
net.inet.icmp.drop_redirect=1
> # This is the ICMP rule we generally use:
> # ipfw add 10 allow icmp from any to any in icmptypes 0,3,4,11,12,14,16,18
Hmmm.... I just tried this and it seems to break ping...