Расшифровка кодов ICMP сообщений:
echo reply (0), destination unreachable (3), source quench (4), redirect (5),
echo request (8), router adver-tisement (9),
router solicitation(10), time-to-live exceeded (11), IP header bad (12),
timestamp request (13), timestamp reply (14),
information request (15), information reply (16), address mask request (17) and
address mask reply (18).
${fwcmd} add 00300 allow icmp from any to внешний_IP in via внешний_интерфейс icmptype 0,3,4,11,12
${fwcmd} add 00301 allow icmp from внешний_IP to any out via внешний_интерфейс icmptype 3,8,12
${fwcmd} add 00304 allow icmp from внешний_IP to any out via внешний_интерфейс frag
${fwcmd} add 00305 deny log icmp from any to any in via внешний_интерфейс
|
