Best way to filter "Nachi pings"?
Peter C. Lai
sirmoo at cowbert.2y.net
Mon Oct 27 11:22:39 PST 2003
will the new IPFW2 build as a KLM which you could use with your old freebsd
kernel? (/sbin/ipfw2 would have to be rebuilt also, but should be otherwise
compatible).
Similarly, is there a reason that you wouldn't be able to use the less robust
ipfw2 on your release (since I assume you'd be using it purely for its iplen
capabilities)? In any case, blocking ICMP etc. appears to be operationally
the same as introducing unstable ipfw2 into a stable running kernel - they
are at best, only temporary solutions.
On Mon, Oct 27, 2003 at 06:17:26AM -0700, Brett Glass wrote:
> At 02:34 AM 10/27/2003, Kris Kennaway wrote:
>
> >As it happens, ipfw[2] does this anyway.
>
> It does. But the router is a production machine and is
> running an older release of FreeBSD that doesn't have
> a solid IPFW2. (IPFW2 *just* hit full production quality
> somewhere between 4.8-RELEASE and now, I must wait until
> 4.9-RELEASE is out, and proves stable, before I can start
> using IPFW2. This, as you know, may take awhile.)
>
> --Brett
>
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"
--
Peter C. Lai
University of Connecticut
Dept. of Molecular and Cell Biology
Yale University School of Medicine
SenseLab | Research Assistant
http://cowbert.2y.net/
More information about the freebsd-security
mailing list