ICMP traffic

Travis H. solinym at gmail.com
Fri Aug 18 08:45:11 UTC 2006


I allow this out:
"squench", "echoreq", "timereq", "trace", "skip", "photuris"

I block this out:
"echorep", "unreach", "redir", "althost", "routeradv", "routersol",
"timex", "paramprob", "timerep", "inforeq", "maskreq", "maskrep",
"dataconv", "mobredir", "ipv6-where", "ipv6-here", "mobregreq",
"mobregrep"

This is a little large because some of the ICMPs I wasn't familiar
with, but blocking them hasn't hurt me (that I know).

Anything coming in has to match a state.

I'm not paranoid, it's just that people keep trying to gain my
confidence so they can steal my magic bag. :-P
-- 
"If you're not part of the solution, you're part of the precipitate."
Unix "guru" for rent or hire -><- http://www.lightconsulting.com/~travis/
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066  151D 0A6B 4098 0C55 1484
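
Added example, not part of the original post: one way the policy described in the message above could be written as a pf.conf fragment. The macro names, the use of `quick`, and the rule order are assumptions; the ICMP type names are the ones listed in the post.

```conf
# Added illustration; not the poster's actual ruleset.
# Macro names are hypothetical. Type names are taken from the post.
icmp_out_pass  = "{ squench, echoreq, timereq, trace, skip, photuris }"
icmp_out_block = "{ echorep, unreach, redir, althost, routeradv, routersol, timex, paramprob, timerep, inforeq, maskreq, maskrep, dataconv, mobredir, ipv6-where, ipv6-here, mobregreq, mobregrep }"

# "Anything coming in has to match a state": no inbound pass rules.
# State lookup happens before rule evaluation, so replies to traffic
# passed out with "keep state" still get in; everything else is dropped.
block in all

# Outbound ICMP types on the block list are dropped and never create state.
block out quick inet proto icmp all icmp-type $icmp_out_block

# Outbound ICMP types on the allow list create state, so the matching
# reply (for example echorep for an outgoing echoreq) is admitted by the
# state entry rather than by an inbound rule.
pass out quick inet proto icmp all icmp-type $icmp_out_pass keep state

# Assumption: ICMP types named in neither list, and all non-ICMP
# traffic, are decided by the rest of the ruleset, which the post
# does not show.
```

Because pf matches ICMP error messages that refer to an existing TCP or UDP state against that state, blocking types such as unreach by rule does not stop errors that belong to connections the ruleset already passed with state.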