Subject: Re: port-unreachable and system reboot
To: Christos Zoulas <email@example.com>
From: None <firstname.lastname@example.org>
Date: 05/27/2001 16:01:34

>> how about an (additional) ipf rule during bootstrap?
>this is difficult to get right, because many daemons want to get replies back
>from servers (think ntpdate).

i believe it is fairly easy - assuming that you are booting a server,
you just need to block all outgoing icmp (and incoming tcp packets with
SYN=1 if you want to). for IPv6 you need to let ND packets go out.
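
Added example, not part of the original message: a sketch of the bootstrap filter described above as IPFilter rules. The file names boot.ipf and boot.ipf6 are hypothetical, and the numeric ICMPv6 types used for ND are assumed to be accepted by the installed ipf version.

```conf
# --- boot.ipf (hypothetical name): IPv4 rules ---
# Load early in boot:            ipf -f boot.ipf
# Swap in the normal rules once
# the daemons are listening:     ipf -Fa -f <normal ruleset>

# No outgoing ICMP, so no port-unreachable is sent for ports
# that have no listener yet.
block out quick proto icmp from any to any

# Optional: refuse new inbound TCP connections.
# "flags S/SA" matches SYN set with ACK clear, so SYN+ACK replies to
# connections this host opens still pass. "flags S/S" would match
# every segment with SYN set, replies included.
block in quick proto tcp from any to any flags S/SA

# Nothing else is filtered, so UDP replies to boot-time clients
# such as ntpdate are still received.

# --- boot.ipf6 (hypothetical name): IPv6 rules ---
# Load with:                     ipf -6 -f boot.ipf6

# Let Neighbor Discovery out first: router solicitation (133),
# neighbor solicitation (135), neighbor advertisement (136).
pass out quick proto ipv6-icmp from any to any icmp-type 133
pass out quick proto ipv6-icmp from any to any icmp-type 135
pass out quick proto ipv6-icmp from any to any icmp-type 136

# Then drop every other outgoing ICMPv6 message.
block out quick proto ipv6-icmp from any to any

# Optional, as for IPv4.
block in quick proto tcp from any to any flags S/SA
```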