[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: disable icmp in OpenBSD 3.2 ?

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: Re: disable icmp in OpenBSD 3.2 ?
From: Ben Goren <ben_(_at_)_trumpetpower_(_dot_)_com>
Date: Fri, 10 Jan 2003 14:54:58 -0700

On Fri, Jan 10, 2003 at 03:57:47PM -0500, Philip_(_dot_)_Miller_(_at_)_ogilvy_(_dot_)_com
wrote:

> Im looking to  do this without pf / ipf  though (and you thought
> this would be easy?)

We just had this discussion. No, you  do not want to disable ICMP.
Read the archives for the past week or so.

If you still  think you want a broken  network connection, there's
nothing better or simpler than using  the right tool for the right
job, namely:

    $ echo block in quick inet proto icmp >> /etc/pf.conf
    $ echo block out quick inet proto icmp >> /etc/pf.conf
	$ pfctl -e

Using  something other  than pf  to do  this would  be like  using
something  other than  a lug  nut wrench  to take  those unsightly
bolts off your car's wheels.

Cheers,

b&

--
Ben Goren
 mailto:ben_(_at_)_trumpetpower_(_dot_)_com
 http://www.trumpetpower.com/
 icbm:33o25'37"N_111o57'32"W

[demime 0.98d removed an attachment of type application/pgp-signature]

References:
- disable icmp in OpenBSD 3.2 ?
  - From: Philip . Miller

Prev by Date: Re: i2o / Intelligent IO
Next by Date: Re: OT: su / sudo / direct root login in large organizations
Previous by thread: Re: disable icmp in OpenBSD 3.2 ?
Next by thread: Re: NetBSD SMP
Index(es):
- Date
- Thread

Visit your host, monkey.org