What rules need to be added to ipfw settings at startup?
I want it so that I cannot be pinged by anybody from the internet, but I can ping any IP.
Thanks very much :-)
Answers:
Edit your /etc/rc.firewall file and, in the respective firewall section that you are using in your rc.conf, set the following rules:
# Permit ICMP from internal interface to anywhere
ipfw add <rule #> allow icmp from any to any out via <ext if> keep-state
# Deny ICMP to external interface
ipfw add <rule #> deny icmp from any to any in via <ext if>
This should do it. What it allows is any ICMP that is sent from your public interface to go out and have return ICMP messages, but refuses anything coming in on that interface that was not generated by you.
The /etc/rc.conf should have your firewall_enable="YES" and firewall_type=<yourruleset>. I suggest creating your own rule set/type and using a format similar to [Ff][Ii][Rr][Ee][Yy] (Firey) to outline the rule set in the rc.firewall file. Follow the example they use for the [Oo][Pp][Ee][Nn] (Open) rule set when setting it up. I looked for an example of this online, but haven't seen a good one to show you how it works.
If you do this, you won't have to modify the existing firewall types defined in the file.
WG
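A sketch of the custom rule-set branch the answer describes, as an added example that is not part of the original answer or of FreeBSD's rc.firewall. The interface name em0, the rule numbers 1000-1020, the explicit check-state rule, the dry-run default and the function names load_ruleset and order_ok are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original answer. Dry run by default: rules are
# printed, not loaded. Run as root with fwcmd=/sbin/ipfw to load them.
# Assumed values: interface em0, rule numbers 1000-1020.

fwcmd="${fwcmd:-echo ipfw}"   # rc.firewall sets fwcmd="/sbin/ipfw"
ext_if="${ext_if:-em0}"       # external interface, adjust to your system

# Body of the branch to add to the "case ${firewall_type} in" block in
# /etc/rc.firewall, next to the existing [Oo][Pp][Ee][Nn]) branch.
load_ruleset() {
    case "$1" in
    [Ff][Ii][Rr][Ee][Yy])
        # Replies to our own pings match dynamic state here.
        ${fwcmd} add 1000 check-state
        # Outbound ICMP is allowed and records state for the reply.
        ${fwcmd} add 1010 allow icmp from any to any out via "${ext_if}" keep-state
        # Unsolicited ICMP arriving on the external interface is dropped.
        ${fwcmd} add 1020 deny icmp from any to any in via "${ext_if}"
        ;;
    *)
        echo "unknown firewall_type: $1" >&2
        return 1
        ;;
    esac
}

# Sanity check on the emitted rules: the stateful allow must be numbered
# below the inbound deny, otherwise echo replies are dropped as well.
order_ok() {
    ( fwcmd="echo ipfw"; load_ruleset "$1" ) | awk '
        /keep-state/  { allow = $3 }
        / deny icmp / { deny = $3 }
        END { exit !(allow > 0 && deny > 0 && allow < deny) }'
}

load_ruleset "${firewall_type:-firey}"
order_ok "${firewall_type:-firey}" && echo "rule order OK"
```

With firewall_enable="YES" and firewall_type="firey" in /etc/rc.conf, the pattern [Ff][Ii][Rr][Ee][Yy] matches the type regardless of case, the same way the stock [Oo][Pp][Ee][Nn] branch does.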