On 12/04/2011 01:04 AM, Ian Smith wrote: <SNIP>
For one, google 'icmp redirect attack'
But isn't that handled by setting: net.inet.icmp.drop_redirect=1
# This is the ICMP rule we generally use: # ipfw add 10 allow icmp from any to any in icmptypes 0,3,4,11,12,14,16,18
Hmmm.... I just tried this and it seems to break ping... _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
