pf, ping and traceroute
Kian Mohageri
kian.mohageri at gmail.com
Tue Sep 11 02:35:44 PDT 2007
On 9/10/07, jonathan michaels <jon at caamora.com.au> wrote:
>
> i get that it is part of teh functionality to stop outside stuff
> garbage bad people from getting to teh inside but how do i make a
> "hole" in teh 'firewall' for ping/traceroute without opening up teh
> firewall to let the same (ping/traceroute/etc) stuff come in from teh
> outside ????
>
PF was developed by OpenBSD, so their documentation is mostly
authoritative. Keep in mind the PF found in FreeBSD is slightly
different -- it isn't as new, for the most part (much of that changed
recently thanks to Max Laier).
Anyway, have you read the OpenBSD documentation?
http://www.openbsd.org/faq/pf/
Focus on understanding how the directions work (e.g. pass in vs. pass
out) and also 'keep state.' Understanding states is critical... have
you figured out how those work yet?
Are you filtering on a router? Switch? Server?
-Kian
More information about the freebsd-pf
mailing list