Thread: PF rule to disable icmp?
View Single Post
  #3   (View Single Post)  
Old 11th October 2009
Carpetsmoker's Avatar
Carpetsmoker Carpetsmoker is offline
Real Name: Martin
Tcpdump Spy
  
Join Date: Apr 2008
Location: Netherlands
Posts: 2,243
Default
Not so difficult I would say:
Code:
block in on $ext_if inet proto icmp all
Or block all ICMP except ping:
Code:
pass in on $ext_if inet proto icmp all icmp-type echoreq keep state
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
Reply With Quote