Bill Moran wrote:
User Freebsd wrote:
Two part question here ...
first part ... is there a way of just disabling icmp by setting a
sysctl, so that a server just doesn't respond to them?
second part ... is there a way of telling a cisco switch to drop all
icmp packets, preferrably to all but an exception list, but to
everywhere works as well ...
Sure, just uninstall TCP/IP. ICMP isn't needed unless you're using
TCP/IP.
:-) I was going to express the same idea a bit more politely...
Try running "tcpdump -nt icmp" and paying attention to what is going on;
blocking all ICMP traffic on an internet router will completely break PMTU
discovery and cause hatred and discontent for normal TCP/IP operations, too.
--
-Chuck
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
