View Single Post
  #3   (View Single Post)  
Old 11th October 2009
Carpetsmoker's Avatar
Carpetsmoker Carpetsmoker is offline
Real Name: Martin
Tcpdump Spy
Join Date: Apr 2008
Location: Netherlands
Posts: 2,243

Not so difficult I would say:
block in on $ext_if inet proto icmp all
Or block all ICMP except ping:
pass in on $ext_if inet proto icmp all icmp-type echoreq keep state
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
Reply With Quote