FreeBSD 6.2 / How to disable incoming (only) ping, but enable all outcoming (from me) ping using ipfw?

By Daki - Last updated: Thursday, May 28, 2009

Sergey asked:


What rules need to be added to ipfw settings at startup?
I want it so that I cannot be pinged by anybody from the internet, but I can ping any IP.
Thanks very much :)


One Response to “FreeBSD 6.2 / How to disable incoming (only) ping, but enable all outcoming (from me) ping using ipfw?”

Comment from W G
Time May 31, 2009 at 12:18 pm

Edit your /etc/rc.firewall file and in the respective firewall section that you are using in your rc.conf, set the following rules:

# Permit ICMP from internal interface to anywhere
ipfw add allow icmp from any to any out via <interface> keep-state

# Deny ICMP to external interface
ipfw add deny icmp from any to any in via <interface>

This should do it. What it allows is any ICMP that was sent from your public interface to go out and have return ICMP messages, but refuses anything to come in that interface that was not generated by you. The /etc/rc.conf should have your firewall_enable="YES" and firewall_type=. I suggest creating your own rule set/type and using the format similar to [Ff][Ii][Rr][Ee][Yy] (Firey) to define the rule set in the rc.firewall file. Follow the example they use for [Oo][Pp][Ee][Nn] (Open) rule set when setting it up. I looked for an example of this online, but haven’t seen a good one to show you how it works. If you do this, you won’t have to modify the existing firewall types defined in the file.

WG
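
An added example (not from the original comment, and not FreeBSD's own rc.firewall code) of the custom rule-set stanza the answer describes, written as a dry run that prints the ipfw commands instead of loading them. The type name noping, the interface em0, the rule numbers and the explicit check-state rule are assumptions of this example.

```shell
#!/bin/sh
# Added example: dry-run model of a custom firewall_type stanza in the style
# of the [Oo][Pp][Ee][Nn] case in /etc/rc.firewall.
# Assumed names: type "noping", interface "em0", rule numbers 1000-1200.

fwcmd="echo ipfw -q"    # dry run: prints each command instead of loading it

noping_rules() {
    firewall_type="$1"  # value that would come from rc.conf
    oif="$2"            # external interface name

    case "${firewall_type}" in
    [Nn][Oo][Pp][Ii][Nn][Gg])
        # An empty interface would turn "via keep-state" into an interface
        # match on a device called keep-state, so refuse to build the rules.
        if [ -z "${oif}" ]; then
            echo "noping: external interface not set" >&2
            return 1
        fi
        # Look up dynamic rules first, so replies to our own pings are
        # accepted before the deny rule is reached.
        ${fwcmd} add 1000 check-state
        # Outgoing ICMP creates a dynamic rule covering the return traffic.
        ${fwcmd} add 1100 allow icmp from any to any out via "${oif}" keep-state
        # ICMP arriving on the interface with no matching state is dropped.
        ${fwcmd} add 1200 deny icmp from any to any in via "${oif}"
        ;;
    *)
        echo "unknown firewall_type: ${firewall_type}" >&2
        return 1
        ;;
    esac
}

# Print the rule set for the assumed type and interface.
noping_rules NoPing em0
```

The deny rule drops every inbound ICMP type that has no matching state, including the error messages used for path MTU discovery; ipfw's icmptypes option (icmptypes 8 for echo requests) narrows it to ping only.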
