Restricting ICMP

2003-08-14 Thread Mark
Hello,

Is there a way I can use ipfw to disallow ICMP from anyone, but root? (FreeBSD 4.7R) I tried this:

${fwcmd} -q add 4 allow icmp from any to any icmptype 0,3,8,11 in via ${outside}
${fwcmd} -q add 4 allow icmp from any to any uid root
${fwcmd} -q add 4 deny log icmp from any to any

But tha

Re: Restricting ICMP

2003-08-14 Thread Andy Farkas
>
> Is there a way I can use ipfw to disallow ICMP from anyone, but root?
> (FreeBSD 4.7R) I tried this:
>
> ${fwcmd} -q add 4 allow icmp from any to any icmptype 0,3,8,11 in via
> ${outside}
> ${fwcmd} -q add 4 allow icmp from any to any uid root
> ${fwcmd} -q add 4 deny log icmp from any to any

Re: Restricting ICMP

2003-08-14 Thread Andy Farkas
Mark wrote:
> I am just not very fond of the idea of local users starting ICMP wars over
> the net, using my server :) I have already had an instance where a web-user
> did an excessive ping attack on one of his buddies. And, naturally, I want
> to prevent that. The chmod u-s idea mentioned here,

Re: Restricting ICMP

2003-08-14 Thread Ruben de Groot
On Wed, Aug 13, 2003 at 10:01:03PM +1000, Andy Farkas typed:
> Mark wrote:
>
> > I am just not very fond of the idea of local users starting ICMP wars over
> > the net, using my server :) I have already had an instance where a web-user
> > did an excessive ping attack on one of his buddies. And, n

Re: Restricting ICMP

2003-08-14 Thread Markie
- Original Message -
From: "Andy Farkas" <[EMAIL PROTECTED]>
To: "Mark" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, August 13, 2003 1:01 PM
Subject: Re: Restricting ICMP

> Mark wrote:
>
> > I am just not very fond

Re: Restricting ICMP

2003-08-14 Thread Ruben de Groot
On Wed, Aug 13, 2003 at 09:56:04AM +, Mark typed:
> - Original Message -
> From: "Andy Farkas" <[EMAIL PROTECTED]>
> I am just not very fond of the idea of local users starting ICMP wars over
> the net, using my server :) I have already had an instance where a web-user
> did an exce

Re: Restricting ICMP

2003-08-14 Thread Markie
PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Wednesday, August 13, 2003 2:42 PM
Subject: Re: Restricting ICMP

> - Original Message -
> From: "Andy Farkas" <[EMAIL PROTECTED]>
> To: "Markie" <[EMAIL PROTECTED]>
> Cc: "Mark" <[EMA

Re: Restricting ICMP

2003-08-14 Thread Mark
- Original Message -
From: "Mark" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, August 12, 2003 2:23 AM
Subject: Restricting ICMP

> Hello,
>
> Is there a way I can use ipfw to disallow ICMP from anyone, but
> root? (FreeBSD 4.7R) I tried

Re: Restricting ICMP

2003-08-14 Thread Jonathan Chen
On Tue, Aug 12, 2003 at 12:28:40AM +, Mark wrote:
[..]
> Sorry for the addendum; but I was not entirely clear. I want to restrict
> *outgoing* ICMP (traceroute and such) to anyone, but root.

# chmod u-s /usr/sbin/traceroute /sbin/ping

--
Jonathan Chen <[EMAIL PROTECTED]>
---

Re: Restricting ICMP

2003-08-14 Thread Mark
- Original Message -
From: "Andy Farkas" <[EMAIL PROTECTED]>
To: "Mark" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, August 13, 2003 4:41 AM
Subject: Re: Restricting ICMP

> >
> > Is there a way I can use ipfw to disallo

Re: Restricting ICMP

2003-08-14 Thread Andy Farkas
> Is it? I thought it was setuid root for a reason :o)
...
> I just woke up, so it may well be I am just being stupid :o)

Well, I didn't know ping needed suid. I stand corrected and apologise for any misleadings.

/me is the stupid one... time to go to bed :)

--
:{ [EMAIL PROTECTED]
An

Re: Restricting ICMP

2003-08-14 Thread Mark
- Original Message -
From: "Andy Farkas" <[EMAIL PROTECTED]>
To: "Markie" <[EMAIL PROTECTED]>
Cc: "Mark" <[EMAIL PROTECTED]>; "Ruben de Groot" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Wednesday, August 13, 20