The FreeBSD Diary

Providing practical examples since 1998

Article Feedback
 don't get the rules
Author: jorge 
Date:   10-08-01 17:59

hey man
what an article
I can't get the ICMP rules in the ipf setup
can you talk a little bit more about

# Return errors for icmp and udp
block return-icmp-as-dest(port-unr) in log on ext0 proto udp all
block return-icmp-as-dest(port-unr) in log on ext0 proto icmp all

what does that do?
great article however

 Re: don't get the rules
Author: Dan Langille 
Date:   10-08-01 20:29

I didn't write the article, but you asked a very general question. It helps us to help you if you are even just a bit specific.

I'm going to guess that you are asking about the return-icmp-as-dest(port-unr) bit. And I'm going to guess myself what that means. I've not looked it up. I'll leave that for you to do. I'm sure a search will find the answer. Instead of just dropping the packets on the ground, ipf will return port unreachable to the sending IP address.

 Re: don't get the rules
Author: Leon Dang 
Date:   16-08-01 15:01

Thanks Dan for answering this for me.


It's a mechanism to tell automated worm scripts to butt out and stop scanning those ports, since *they don't exist* to the internet.

As for your ICMP problems, if you state exactly what errors you're getting, then it'll help a lot. Also, the guys on FreeBSD Usenet are very helpful if you don't get an answer here straight away. My only conclusion is that you might have copied and pasted the rules incorrectly...


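Added example (not part of the original thread, and not ipf's own code): a simplified Python model of the ICMP "port unreachable" error (type 3, code 3, RFC 792) that a block return-icmp-as-dest(port-unr) rule sends back instead of silently dropping the packet. The addresses, the firewall IP and all function names are constructed for illustration.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def port_unreachable(blocked: bytes) -> bytes:
    """ICMP type 3 / code 3 message quoting the blocked IPv4 datagram."""
    ihl = (blocked[0] & 0x0F) * 4
    quoted = blocked[:ihl + 8]  # original IP header + first 8 payload bytes
    unsummed = struct.pack("!BBHI", 3, 3, 0, 0) + quoted
    return struct.pack("!BBHI", 3, 3, inet_checksum(unsummed), 0) + quoted

def reply_source(blocked: bytes, firewall_ip: str, as_dest: bool) -> str:
    """return-icmp answers from the firewall's own address;
    return-icmp-as-dest answers as the blocked packet's destination."""
    return socket.inet_ntoa(blocked[16:20]) if as_dest else firewall_ip

def describe(icmp: bytes) -> dict:
    """What the original sender can read out of the ICMP error."""
    icmp_type, code, _, _ = struct.unpack("!BBHI", icmp[:8])
    quoted = icmp[8:]
    ihl = (quoted[0] & 0x0F) * 4
    _, dport = struct.unpack("!HH", quoted[ihl:ihl + 4])
    return {"type": icmp_type, "code": code, "proto": quoted[9],
            "dst": socket.inet_ntoa(quoted[16:20]), "dport": dport,
            "checksum_ok": inet_checksum(icmp) == 0}

def sample_udp_datagram() -> bytes:
    """Constructed probe: 198.51.100.7:40000 -> 192.0.2.10:137/udp.
    The IP header checksum is left at 0; it is not needed here."""
    udp = struct.pack("!HHHH", 40000, 137, 8 + 4, 0) + b"test"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0,
                     socket.inet_aton("198.51.100.7"),
                     socket.inet_aton("192.0.2.10"))
    return ip + udp

if __name__ == "__main__":
    pkt = sample_udp_datagram()
    print(describe(port_unreachable(pkt)))
    print("as-dest source:", reply_source(pkt, "203.0.113.1", True))
    print("plain source:  ", reply_source(pkt, "203.0.113.1", False))
```

With as-dest the error appears to come from the host the probe was aimed at, which is the same answer a host with no listener on that UDP port would give.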