icmp echo disable (or dont answer pings)
Karel Gardas
kgardas at objectsecurity.com
Wed May 31 07:26:09 UTC 2006
Hello,
On Wed, 31 May 2006, Chris Johns wrote:
> Joel Sherrill wrote:
>> Comments please. This does seem like a reasonable application feature.
>
> I would like to see the Wiki updated to document this feature as it is not
> standard.
>
> Extending the stack this way could result in this feature being lost if (or
> when) the stack is upgraded. I see it is a simple patch which provides a
> specific solution to a specific problem, but have to wonder what FreeBSD does
> to handle this normally. Does it use some sort of firewall rules ? If it does
> could this approach have been used ?
although the original patch was simple and elegant I would also speak for
standard FBSD firewall addition. Either it might be standard ipfw or
OpenBSD's pf.
Speaking about this, you might find that pinging embedded machines might
be usable at least from _some_ hosts.
Karel
--
Karel Gardas kgardas at objectsecurity.com
ObjectSecurity Ltd. http://www.objectsecurity.com
More information about the users
mailing list