ipfwadm: deny incoming pings

Post by Tom Vi » Thu, 18 Jun 1998 04:00:00



i'm trying to firewall my ppp0 interface against incoming pings, but i
haven't quite figured out ipfwadm. btw, i want other icmp messages to
pass through. i've tried:

# ipfwadm -I -a deny -P icmp -S 8 -W ppp0

but i get "ipfwadm: host/network "8" not found".

how do i specify icmp echos? will "-I -a deny -P icmp -S 0.0.0.0 8 -W
ppp0" work?

--
Tom Vier - 0x82B007A8    | Hate Micro$hit, AOLame, and Untel?

Tortured Souls Software  | http://www.erols.com/thomassr/zero/

Post by Michael Fowl » Thu, 18 Jun 1998 04:00:00



>i'm trying to firewall my ppp0 interface against incoming pings, but i
>haven't quite figured out ipfwadm. btw, i want other icmp messages to
>pass through. i've tried:

># ipfwadm -I -a deny -P icmp -S 8 -W ppp0

>but i get "ipfwadm: host/network "8" not found".

>how do i specify icmp echos? will "-I -a deny -P icmp -S 0.0.0.0 8 -W
>ppp0" work?

ipfwadm -I -a deny -S 0.0.0.0/0 8 -P icmp -W ppp0 -ov
                             ^^
                             ^^ No bits masked, important.

0/0 is another way to write it.


>--
>Tom Vier - 0x82B007A8    | Hate Micro$hit, AOLame, and Untel?

*sigh* some forms of advocacy get so tiresome..


>Tortured Souls Software  | http://www.erols.com/thomassr/zero/

Respectfully,
Michael
--

--                                   --
All my life I wanted to be someone;
I guess I should've been more specific.
--                                   --
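
Added example (not part of either post): a small Python model of the source address/mask and ICMP-type match behind the rule in the reply above, showing why the /0 matters. It assumes an omitted mask is treated as /32 (a single host) and that the chain's default policy is accept; the packet list is constructed.

```python
import ipaddress
from dataclasses import dataclass

ECHO_REQUEST = 8  # ICMP type for an incoming ping


@dataclass
class Rule:
    """One input rule for protocol icmp: policy, source network, ICMP type."""
    policy: str
    source: ipaddress.IPv4Network
    icmp_type: int


def parse_source(spec: str) -> ipaddress.IPv4Network:
    """Parse 'address[/mask]'. Assumption: no mask means /32 (one host)."""
    if "/" not in spec:
        spec += "/32"
    return ipaddress.ip_network(spec, strict=False)


def verdict(rules, src: str, icmp_type: int, default: str = "accept") -> str:
    """First matching rule wins; otherwise the (assumed) default policy."""
    addr = ipaddress.ip_address(src)
    for rule in rules:
        if addr in rule.source and icmp_type == rule.icmp_type:
            return rule.policy
    return default


# Constructed sample packets: (source address, ICMP type).
PACKETS = [
    ("198.51.100.7", 8),   # echo request (ping)
    ("198.51.100.7", 0),   # echo reply
    ("203.0.113.9", 3),    # destination unreachable
    ("203.0.113.9", 11),   # time exceeded
]


def run(source_spec: str):
    """Verdict for each sample packet under one deny rule for ICMP type 8."""
    rules = [Rule("deny", parse_source(source_spec), ECHO_REQUEST)]
    return [verdict(rules, src, icmp_type) for src, icmp_type in PACKETS]


if __name__ == "__main__":
    for spec in ("0.0.0.0", "0.0.0.0/0"):
        print(f"-S {spec} 8 ->", run(spec))
```

With the mask omitted the rule only matches a source of exactly 0.0.0.0, so every ping gets through; with /0 only the echo request is denied and the other ICMP types still pass.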

 
 
 


Post by Tom Vi » Thu, 18 Jun 1998 04:00:00


> >how do i specify icmp echos? will "-I -a deny -P icmp -S 0.0.0.0 8 -W
> >ppp0" work?

> ipfwadm -I -a deny -S 0.0.0.0/0 8 -P icmp -W ppp0 -ov
>                              ^^
>                              ^^ No bits masked, important.

> 0/0 is another way to write it.

thanx.

> >Tom Vier - 0x82B007A8    | Hate Micro$hit, AOLame, and Untel?
> *sigh* some forms of advocacy get so tiresome..

yeah, i know. i need a new (gnu?) tag.

--
Tom Vier - 0x82B007A8    | Hate Micro$hit, AOLame, and Untel?

Tortured Souls Software  | http://www.erols.com/thomassr/zero/

1. ipfwadm question - Incoming connections with IP Masq.

How does one deal with incoming connections when using IP Masquerading?  Our
internal machines use 192.160.x.x addresses, so clearly an outside machine
could never talk to one by asking for its address.  What I have in mind is
tell the Linux firewall/router to do the following (all IPs and ports are
made up):

The firewall's address is 209.1.1.1.  If a connection comes in to 209.1.1.1
port 40, forward that connection to 192.168.0.120 port 80.  The machine
somewhere on the internet will never know that it is actually talking to the
internal machine - it will think it is talking only to 209.1.1.1.

For example, this could be used to route incoming mail from the firewall to
our mail server.

Can this be done with ipfwadm?  Or do I need something else?  I have the TIS
firewall toolkit, which consists of application level proxies (including an
SMTP proxy); however, for what I am doing this would be an unnecessary
administrative issue.

I was able to do this with Win NT 4 and a trial version of WinProxy, but
(surprise!) the system proved too unstable for ongoing use; therefore I am
trying to do it with Linux instead.


[* Kyle Cordes Software Solutions |       Come see the     *]
[* http://www.kylecordes.com      | BDE Alternatives Guide *]
