You can rate-limit pings and other ICMP with sysctl nodes (sysctl net.inet.icmp)
You can make the rule a little more restrictive:

add allow icmp from any to any icmptypes 0,3,8,11

If you want to disallow echo requests, omit 8 - the others are essential for most things to work properly or to diagnose problems.

On Thu, Dec 1, 2011 at 3:25 PM, Tim Daneliuk <tun...@tundraware.com> wrote:
> I have a fairly restrictive ipfw setup on a FBSD 8.2-STABLE machine.
> Pings were not getting through so I added this near the top
> of the rule set:
>
> #####
> # Allow icmp
> #####
>
> ${FWCMD} add allow icmp from any to any
>
>
> It does work but, two questions:
>
> 1) Is there a better way?
> 2) Will this cause harm or otherwise expose the server to some
>    vulnerability?
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
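
Added example, not part of the original thread: a shell check that reads `ipfw list`-style output and flags ICMP allow rules that either have no icmptypes filter or permit types beyond the 0,3,8,11 list suggested in the reply. The function name, the sample ruleset and the finding labels are constructed for illustration, and the parser assumes the simple `<num> allow icmp ... [icmptypes <list>]` rule shape.

```sh
#!/bin/sh
# Baseline from the reply above:
# 0 echo reply, 3 destination unreachable, 8 echo request, 11 time exceeded.
BASELINE="0,3,8,11"

# Constructed sample ruleset (not taken from a real host).
SAMPLE_RULES='00100 allow ip from any to any via lo0
00200 allow icmp from any to any
00300 allow icmp from any to any icmptypes 0,3,8,11
00400 allow icmp from any to me icmptypes 0,3,5,11,13
00500 deny icmp from any to any'

# audit_icmp (hypothetical helper): read rules on stdin, print one finding
# per rule that is wider than the baseline.
#   UNRESTRICTED <num>       allow icmp with no icmptypes filter
#   EXTRA <num> <types>      types allowed beyond the baseline
audit_icmp() {
    awk -v base="$BASELINE" '
    BEGIN { n = split(base, b, ","); for (i = 1; i <= n; i++) ok[b[i]] = 1 }
    $2 == "allow" && $3 == "icmp" {
        # Find the type list that follows the icmptypes keyword, if any.
        types = ""
        for (i = 4; i < NF; i++) if ($i == "icmptypes") types = $(i + 1)
        if (types == "") { print "UNRESTRICTED", $1; next }
        # Collect every listed type that is not in the baseline.
        extra = ""
        m = split(types, t, ",")
        for (i = 1; i <= m; i++)
            if (!(t[i] in ok)) extra = (extra == "" ? t[i] : extra "," t[i])
        if (extra != "") print "EXTRA", $1, extra
    }'
}

# Demo run on the constructed sample; on a live host, pipe `ipfw list` in.
printf '%s\n' "$SAMPLE_RULES" | audit_icmp
```

To apply the stricter variant mentioned in the reply (no echo requests), set BASELINE to "0,3,11" so that rules allowing type 8 are reported as EXTRA.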