sonoroinet.it

• Next message: Markus Holmberg: "Purpose of world being able to see the mail queue?"
• Previous message: 3APA3A: "Re: [Q] why does my firewall degrade Web performance?"
• In reply to: Rashid N. Achilov: "Re: deny incoming icmp"
• Next in thread: Richard Martin: "Re: deny incoming icmp"
• Reply: Manfredi Blasucci: "Re: deny incoming icmp"
• Reply: Richard Martin: "Re: deny incoming icmp"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

"Rashid N. Achilov" wrote:

>
> Sorry, more precision...
>
> I have a firewall, protecting my network. IPFIREWALL, IPFIREWALL_VERBOSE, IPFIREWALL_FORWARD
> enabled. What can I allow icmp from our network any deny/fake incoming to our network icmp?
> --

Try with those:

${fwcmd} add allow log icmp from any to $ip via $eth out
${fwcmd} add allow log icmp from any to $ip via $eth in icmp 0 <- Echo Reply
${fwcmd} add allow log icmp from any to $ip via $eth in icmp 3 <- Destination Unreachable
${fwcmd} add allow log icmp from any to $ip via $eth in icmp 8 <- Echo
${fwcmd} add allow log icmp from any to $ip via $eth in icmp 11 <- Time Exceded
${fwcmd} add allow log icmp from any to $ip via $eth in icmp 12 <- Parameter Problem

See also http://www.sys-security.com/archive/papers/ICMP_Scanning.pdf.

Bye,
Manf

To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

• Next message: Markus Holmberg: "Purpose of world being able to see the mail queue?"
• Previous message: 3APA3A: "Re: [Q] why does my firewall degrade Web performance?"
• In reply to: Rashid N. Achilov: "Re: deny incoming icmp"
• Next in thread: Richard Martin: "Re: deny incoming icmp"
• Reply: Manfredi Blasucci: "Re: deny incoming icmp"
• Reply: Richard Martin: "Re: deny incoming icmp"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]