Socketd wrote: > > I guess you want to do this so that you can break path MTU > > discovery and fail to properly exchange packets with the DF > > bit set in the headers, and which don't take into account > > intermediate links with smaller MTUs, like VPNs or PPPOE > > links? > > > > What exactly are you getting from disabling ICMP, besides a > > broken network connection to some systems you may wish to be > > able to exchange packets with? > > I don't want to disable ICMP, just don't want to respond when ttl=0, > meaning when my firewall/gateway is on a "traceroute path".
You should specifically modify the ICMP code to not respond to echo datagrams, or when ttl == 0, then, and work it that way. In other words, it's time to hack your network stack to specifically add that "feature". -- Terry _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"