pf如何设置拒绝ping

九月 12, 2007 at 11:11 下午 by Kim Chow · Filed under freebsd, 操作系统

pf.conf中写入下面的就可以了

  1. block in inet proto icmp all icmp-type echoreq keep state

反之,

  1. pass in inet proto icmp all icmp-type echoreq keep state

也可以把其他ICMP给禁用了,只允许Ping。

  1. block drop on $ext_if proto icmp from any to $ext_if
  2. pass in inet proto icmp all icmp-type echoreq keep state

RSS feed for comments on this post · TrackBack URL

发表评论