Subject: Re: deny incoming icmp
From: Rashid N. Achilov (sheltonsentry.granch.ru)
Date: Thu Aug 17 2000 - 04:05:09 CDT


On 17-Aug-00 Erick Mechler wrote:
> First you have to enable firewalling code in your kernel. Once you've done
> that, the following two ipfw rules should do what you want:
>
> ipfw add allow icmp from ${oip} to any via ${oif}
> ipfw add deny icmp from any to any
>
> where ${oip} is the IP address of your outside interface, and ${oif} is the
> outside interface itself.
>

Sorry, more precision...

I have a firewall protecting my network. IPFIREWALL, IPFIREWALL_VERBOSE, IPFIREWALL_FORWARD
enabled. How can I allow icmp from our network and deny/fake incoming icmp to our network?

-- 
   With Best Regards.
   Rashid N. Achilov (RNA1-RIPE), Brainbench ID: 28514, Granch Ltd. lead engineer
   e-mail: achilovgranch.ru, tel (383-2) 24-2363
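
Added example, not part of the original messages and not code from either poster: a stateless ipfw rule set for the case asked about above, letting the inside network send ICMP while dropping unsolicited ICMP that arrives on the outside interface. The interface name, inside network, rule numbers and the fwcmd dry-run wrapper are assumptions, and the network is assumed to be routed without NAT.

```shell
#!/bin/sh
# Added example; oif, inet and the rule numbers are constructed placeholders.
# fwcmd defaults to a dry run that only prints each rule. Set fwcmd=/sbin/ipfw
# on a FreeBSD host with IPFIREWALL compiled in to load the rules for real.
fwcmd="${fwcmd:-echo ipfw}"
oif="${oif:-ed0}"             # outside interface (assumed name)
inet="${inet:-10.0.0.0/24}"   # inside network (assumed range)

icmp_rules() {
    # ipfw stops at the first rule that matches, and a forwarded packet is
    # checked once on input and once on output, so rule order matters.

    # 1. Answers and error reports pass in either direction:
    #    0 echo reply, 3 destination unreachable, 11 time exceeded.
    ${fwcmd} add 1000 allow icmp from any to any icmptypes 0,3,11

    # 2. Any other ICMP arriving on the outside interface is dropped and
    #    logged (IPFIREWALL_VERBOSE). This covers echo requests from outside
    #    and packets that spoof an inside source address.
    ${fwcmd} add 1100 deny log icmp from any to any in via "${oif}"

    # 3. The inside network may send any ICMP type, echo requests included.
    ${fwcmd} add 1200 allow icmp from "${inet}" to any
}

icmp_rules
```

Because the rules are stateless, rule 1000 also admits an echo reply or error that no inside host asked for; matching replies to requests needs dynamic rules instead.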