Re: IPFW and icmp

看板FB_security作者時間21年前 (2004/09/03 01:06), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串5/5 (看更多)
Dave wrote: >I'm not a master of the internet RFCs, but I do believe icmp messages have >different types. > >Now to enable traceroute for IPFW, I might put in a rule like this: > >ipfw add pass icmp from any to me > >However, how would I make a rule to limit icmp messages to just those used >by traceroute? Can the messages be distinguished as such? > > > I use, thus far, "allow icmp from any to any icmptypes 0,3,4,8,11". That include 'echo request', of course. Someone else may have a better idea. >A dynamic rule that exists only for the duration of a traceroute execution >would be even better. I take it 'setup' or 'check-state' would follow in >that case? > > > Seems likely. *sigh* one more manpage to read.... ;-) Kevin Kinsey _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
更多 kdk. 的文章
文章代碼(AID): #11DrBy00 (FB_security)
更多 kdk. 的文章
文章代碼(AID): #11DrBy00 (FB_security)