icmp echo disable (or dont answer pings)

Karel Gardas kgardas at objectsecurity.com
Wed May 31 07:26:09 UTC 2006


On Wed, 31 May 2006, Chris Johns wrote:

> Joel Sherrill wrote:
>> Comments please.  This does seem like a reasonable application feature.
> I would like to see the Wiki updated to document this feature as it is not 
> standard.
> Extending the stack this way could result in this feature being lost if (or 
> when) the stack is upgraded. I see it is a simple patch which provides a 
> specific solution to a specific problem, but have to wonder what FreeBSD does 
> to handle this normally. Does it use some sort of firewall rules ? If it does 
> could this approach have been used ?

although the original patch was simple and elegant I would also speak for 
standard FBSD firewall addition. Either it might be standard ipfw or 
OpenBSD's pf.

Speaking about this, you might find that pinging embedded machines might 
be usable at least from _some_ hosts.

Karel Gardas                  kgardas at objectsecurity.com
ObjectSecurity Ltd.           http://www.objectsecurity.com

More information about the users mailing list