You can rate-limit pings and other icmp with sysctl nodes (sysctl
net.inet.icmp )
You can make the rule a little more restrictive:
add allow icmp from any to any icmptypes 0,3,8,11
if you want to disallow echo requests, omit 8 - the others are
essential for most things to work properly or to diagnose problems.
On Thu, Dec 1, 2011 at 3:25 PM, Tim Daneliuk <tun...@tundraware.com> wrote:
> I have a fairly restrictive ipfw setup on a FBSD 8.2-STABLE machine.
> Pings were not getting through so I added this near the top
> of the rule set:
>
> #####
> # Allow icmp
> #####
>
> ${FWCMD} add allow icmp from any to any
>
>
> It does work but, two questions:
>
> 1) Is there a better way?
> 2) Will this cause harm or otherwise expose the server to some
> vulnerability?
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
