Block incoming pings while allowing outgoing pings
Authored by: Anonymous on Aug 26, '03 10:41:38AM
So some of you might say "Well ipfw is stateful packet inspection, why do I need to do the second rule?" Because ipfw doesn't keep state on icmp.

Yeah, you know, as I ate my bagel on the way into work on the subway, I was just saying to myself, "Well, ipfw is stateful packet inspection ... why would I need that second rule?"

Then I went, "Duh, of course, you idiot! The answer is simple! Ipfw doesn't keep state on icmp!"

I'm speaking a bit tongue in cheek. :-)

Does anyone mind translating the text of the above hint into a rudimentary form of English? ;-)


Block incoming pings while allowing outgoing pings
Authored by: molero on Aug 27, '03 03:49:55AM

I'm no expert on this, but one of the rules that Brickhouse writes to the ipfw config file and which you cannot change and always comes before any custom rules says:


#################################################
## Allow All ICMP Packets
#################################################
add 2004 allow icmp from any to any via en0

Wouldn't this allow pinging anyhow? Rules are applied top to bottom.



Requested English...
Authored by: macubergeek on Aug 27, '03 10:40:30AM

When you surf the internet, your computer talks to the other computer....
Your computer says:
1. Hi! can I talk to you?
the other computer says:
2. Yeh sure I'm not too busy
Your computer says:
3. Ok I got something important to say
Then your computer sends a request for a web page to the other computer and the other computer sends you the web page.

Above was the three-way-handshake of TCP/IP
A firewall keeps information called "state" which is simply...
if I permit #1. above, I'll also let #2 and #3 as part of the pre-existing conversation. The firewall keeps a table of all the ongoing conversations called a State table.

What I was saying was ipfw doesn't do this with icmp.



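The two points raised in this thread, rule order and the missing state for ICMP, as an added example that is not part of any post above: a small first-match filter modelled on how ipfw walks its rules in ascending number order. Rule 2004 is the Brickhouse rule quoted above; the 3000-series rule numbers and the default-deny fallback are assumptions made for the illustration, and the model takes the last comment's premise that no state is kept for ICMP.

```python
from dataclasses import dataclass
from typing import Optional

ECHO_REPLY, ECHO_REQUEST = 0, 8  # ICMP type numbers

@dataclass(frozen=True)
class Rule:
    number: int
    action: str                      # "allow" or "deny"
    direction: Optional[str] = None  # "in", "out", or None for both
    icmp_type: Optional[int] = None  # None matches every ICMP type

    def matches(self, direction, icmp_type):
        return (self.direction in (None, direction)
                and self.icmp_type in (None, icmp_type))

def verdict(rules, direction, icmp_type, default="deny"):
    """Return (action, rule number) of the first matching rule, lowest number first."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(direction, icmp_type):
            return rule.action, rule.number
    return default, None  # assumed fallback when no rule matches

# Constructed rule sets. Rule 2004 is the Brickhouse rule quoted in the thread;
# the 3000-series numbers are hypothetical custom rules.
BRICKHOUSE = Rule(2004, "allow")
CUSTOM = [
    Rule(3000, "allow", "out", ECHO_REQUEST),  # our pings leave
    Rule(3010, "allow", "in", ECHO_REPLY),     # their answers return (the "second rule")
    Rule(3020, "deny", "in", ECHO_REQUEST),    # pings aimed at us are dropped
]

def report(rules):
    """Verdict for each of the three packets the hint cares about."""
    cases = {"outgoing ping": ("out", ECHO_REQUEST),
             "reply to our ping": ("in", ECHO_REPLY),
             "incoming ping": ("in", ECHO_REQUEST)}
    return {name: verdict(rules, *pkt) for name, pkt in cases.items()}

if __name__ == "__main__":
    for label, rules in (("custom rules only", CUSTOM),
                         ("with Brickhouse rule 2004", [BRICKHOUSE] + CUSTOM)):
        print(label)
        for name, result in report(rules).items():
            print(f"  {name}: {result}")
```

With rule 2004 present, every ICMP packet matches it first and the later deny is never reached; without rule 3010, the reply to an outgoing ping falls through to the default.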