View Single Post
  #3   (View Single Post)  
Old 11th October 2009
Carpetsmoker's Avatar
Carpetsmoker Carpetsmoker is offline
Real Name: Martin
Old man from scene 24
Join Date: Apr 2008
Location: Dutchman living in the UK
Posts: 2,199

Not so difficult I would say:
block in on $ext_if inet proto icmp all
Or block all ICMP except ping:
pass in on $ext_if inet proto icmp all icmp-type echoreq keep state
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
Reply With Quote