Re: IP fragmentation problem in the 2.0 kernels ?

Keith Owens (
Wed, 10 Sep 1997 18:47:16 +1000

On Wed, 10 Sep 1997 00:12:03 -0400 (EDT),
Jon Lewis <> wrote:
>Is there a way (using kernel 2.0.x) to block types of icmp with the
>firewalling code? i.e. say I have a multiport linux router and want to
>block just icmp echo request and echo reply. Is there an easy way to do

ipfwadm -I -i deny -P icmp -S 8 -D -W eth0
ipfwadm -I -i deny -P icmp -S 0 -D -W eth0

Requires 2.0.29 with suitable patches or 2.0.30+ (pre-2.0.31-9
recommended, some masq fixes were missed in 2.0.30). Turn masquerade
ICMP on. You also need a copy of ipfwadm that understands -P icmp.