Socketd wrote:
On Tue, 08 Jul 2003 22:51:24 -0700
Terry Lambert <[EMAIL PROTECTED]> wrote:
Hmm, why not just use a firewall?
Because most firewalls, even commercial ones, don't block the
ICMP messages you appear to be interested in blocking.
You appeared to want to turn your FreeBSD box into what'
On Tue, Jul 08, 2003 at 10:51:24PM -0700, Terry Lambert wrote:
> > > > I don't want to disable ICMP, just don't want to respond when ttl=0,
> > > > meaning when my firewall/gateway is on a "traceroute path".
> > >
> > > You should specifically modify the ICMP code to not respond
> > > to echo datag
On Tue, 08 Jul 2003 22:51:24 -0700
Terry Lambert <[EMAIL PROTECTED]> wrote:
> > Hmm, why not just use a firewall?
>
> Because most firewalls, even commercial ones, don't block the
> ICMP messages you appear to be interested in blocking.
>
> You appeared to want to turn your FreeBSD box into what
Socketd wrote:
> On Tue, 08 Jul 2003 04:17:04 -0700
> Terry Lambert <[EMAIL PROTECTED]> wrote:
> > > I don't want to disable ICMP, just don't want to respond when ttl=0,
> > > meaning when my firewall/gateway is on a "traceroute path".
> >
> > You should specifically modify the ICMP code to not res
On Tue, 08 Jul 2003 15:50:30 +0400
"Andrey Alekseyev" <[EMAIL PROTECTED]> wrote:
> You may also take a look at the IPSTEALTH kernel config
> option (see LINT):
>
> # IPSTEALTH enables code to support stealth forwarding (i.e., forwarding
> # packets without touching the ttl). This can be usefu
On Tue, 08 Jul 2003 04:17:04 -0700
Terry Lambert <[EMAIL PROTECTED]> wrote:
> > I don't want to disable ICMP, just don't want to respond when ttl=0,
> > meaning when my firewall/gateway is on a "traceroute path".
>
> You should specifically modify the ICMP code to not respond
> to echo datagrams,
Socketd wrote:
> > I guess you want to do this so that you can break path MTU
> > discovery and fail to properly exchange packets with the DF
> > bit set in the headers, and which don't take into account
> > intermediate links with smaller MTUs, like VPNs or PPPOE
> > links?
> >
> > What exactly ar
On Tue, 08 Jul 2003 03:17:00 -0700
Terry Lambert <[EMAIL PROTECTED]> wrote:
> Socketd wrote:
> > Ok, any way to prevent sending ICMPs when ttl = 0? Or do I need a
> > firewall?
>
> I guess you want to do this so that you can break path MTU
> discovery and fail to properly exchange packets with th
Socketd wrote:
> Ok, any way to prevent sending ICMPs when ttl = 0? Or do I need a
> firewall?
I guess you want to do this so that you can break path MTU
discovery and fail to properly exchange packets with the DF
bit set in the headers, and which don't take into account
intermediate links with sm
On Mon, Jul 07 2003 (18:02:52 +0200), Socketd wrote:
> Ok, any way to prevent sending ICMPs when ttl = 0? Or do I need a
> firewall?
Yes, you'd need a firewall.
Cheers,
Toni
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/fr
On Mon, 7 Jul 2003 17:33:14 +0200
Toni Andjelkovic <[EMAIL PROTECTED]> wrote:
> On Mon, Jul 07 2003 (01:22:05 +0200), Socketd wrote:
> > 1. Reading "man blackhole" I found that net.inet.udp.blackhole=1
> > will prevent traceroute. Is this only if the host is the end target?
> > or will it simply d
On Mon, Jul 07 2003 (01:22:05 +0200), Socketd wrote:
> 1. Reading "man blackhole" I found that net.inet.udp.blackhole=1 will
> prevent traceroute. Is this only if the host is the end target? or will
> it simply disable sending an ICMP packet when it gets a packet with
> ttl=1?
Look in sys/netinet
Hi all
1. Reading "man blackhole" I found that net.inet.udp.blackhole=1 will
prevent traceroute. Is this only if the host is the end target? or will
it simply disable sending an ICMP packet when it gets a packet with
ttl=1?
2. Does net.inet.icmp.drop_redirect drop all redirects?
Redirect