Re: IP fragmentation problem in the 2.0 kernels ?

Keith Owens (kaos@ocs.com.au)
Wed, 10 Sep 1997 18:47:16 +1000

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Olaf Titz: "Re: IP fragmentation problem in the 2.0 kernels ?"
Previous message: Werner Almesberger: "Kernel config revisited (was: Re: _My_ turn for a 2.1 wishlist)"

On Wed, 10 Sep 1997 00:12:03 -0400 (EDT),
Jon Lewis <jlewis@inorganic5.fdt.net> wrote:
>Is there a way (using kernel 2.0.x) to block types of icmp with the
>firewalling code? i.e. say I have a multiport linux router and want to
>block just icmp echo request and echo reply. Is there an easy way to do
>it?

ipfwadm -I -i deny -P icmp -S 0.0.0.0/0 8 -D 0.0.0.0/0 -W eth0
ipfwadm -I -i deny -P icmp -S 0.0.0.0/0 0 -D 0.0.0.0/0 -W eth0

Requires 2.0.29 with suitable patches or 2.0.30+ (pre-2.0.31-9
recommended, some masq fixes were missed in 2.0.30). Turn masquerade
ICMP on. You also need a copy of ipfwadm that understands -P icmp.
See http://www.wwonline.com/~achau/ipmasq.

Next message: Olaf Titz: "Re: IP fragmentation problem in the 2.0 kernels ?"
Previous message: Werner Almesberger: "Kernel config revisited (was: Re: _My_ turn for a 2.1 wishlist)"