Block incoming pings while allowing outgoing pings
Aug 26, '03 09:39:00AM
Contributed by: macubergeek
I use the shareware product Brickhouse to manage my ipfw host firewall rules on my Mac. Here is how to permit your Mac to ping outbound while blocking incoming pings.
Create two custom services:
- Action Deny, Custom Service, protocol ICMP, source The Internet, destination My Computer. Click Advanced Options and, in the ICMP Types box, enter 8, which specifies ICMP echo requests.
- Directly below that rule, create a second rule: Action Allow, Custom Service, protocol ICMP, source The Internet, destination My Computer, and under Advanced Options enter ICMP type 0. This permits the echo replies to pings you send outbound to get back to your computer.
Some of you might ask, "ipfw does stateful packet inspection, so why do I need the second rule?" Because ipfw doesn't keep state on ICMP.
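The script below is an added illustration, not part of the original hint and not Brickhouse output: it models first-match, stateless evaluation over constructed rules to show what happens to an echo reply with and without the type 0 rule. The outbound allow and the trailing inbound deny are assumptions about the rest of the rule set, and the ipfw commands in the comments are hand-written equivalents with arbitrary rule numbers.

```shell
#!/bin/sh
# Hand-written ipfw equivalents of the two rules (assumed; rule numbers arbitrary):
#   ipfw add 1000 deny  icmp from any to any in icmptypes 8
#   ipfw add 1010 allow icmp from any to any in icmptypes 0
#
# Constructed rule sets, one rule per line: "action direction icmptype".
# "*" matches any ICMP type. The outbound allow and the final inbound deny are
# assumptions standing in for the rest of a default-deny rule set.
RULES_WITH_REPLY_RULE='deny in 8
allow in 0
allow out *
deny in *'

# Same rule set with the type 0 rule left out.
RULES_WITHOUT_REPLY_RULE='deny in 8
allow out *
deny in *'

# verdict RULES DIRECTION ICMPTYPE
# Prints "allow" or "deny". First matching rule wins, as in ipfw, and no
# state is consulted: an echo reply is judged only by direction and type.
verdict() {
    rules=$1; dir=$2; itype=$3
    result=deny    # no rule matched: treat as denied
    while read -r action rdir rtype; do
        [ "$rdir" = "$dir" ] || continue
        if [ "$rtype" = "*" ] || [ "$rtype" = "$itype" ]; then
            result=$action
            break
        fi
    done <<EOF
$rules
EOF
    echo "$result"
}

echo "outbound echo request (type 8):     $(verdict "$RULES_WITH_REPLY_RULE" out 8)"
echo "inbound echo request (type 8):      $(verdict "$RULES_WITH_REPLY_RULE" in 8)"
echo "inbound echo reply (type 0):        $(verdict "$RULES_WITH_REPLY_RULE" in 0)"
echo "inbound echo reply, no type 0 rule: $(verdict "$RULES_WITHOUT_REPLY_RULE" in 0)"
```

The last line is the case the second rule exists for: with no ICMP state to match against, the reply to your own ping falls through to the inbound deny.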
Mac OS X Hints
http://hints.macworld.com/article.php?story=20030824163711704