Subject: Re: port-unreachable and system reboot
To: Christos Zoulas <>
From: None <>
List: tech-net
Date: 05/27/2001 16:01:34
>>	how about an (additional) ipf rule during bootstrap?
>this is difficult to get right, because many daemons want to get replies back
>from servers (think ntpdate).

	i believe it is fairly easy - assuming that you are booting a server,
	you just need to block all outgoing icmp (and incoming tcp packet with
	SYN=1 if you want to).  for IPv6 you need to let ND packets go out.