icmp-type echoreq not matching resulting ttl exceeded
Ian FREISLICH
ianf at clue.co.za
Fri Nov 29 12:28:45 UTC 2013
Hi
At some point this stopped working. I was able to use traceroute -I.
This rule let the echo request out and the resulting TTL exceeded
was matched and allowed back in.
pass out inet proto icmp from <ournets> to any icmp-type echoreq
I've had to change the rule to the following to keep traceroute going:
pass out inet proto icmp from <ournets> to any
Ian
--
Ian Freislich