[Bug 207598] pf adds icmp unreach on gre/ipsec somehow

bugzilla-noreply at freebsd.org
Sat May 28 13:20:23 UTC 2016


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207598

--- Comment #22 from Kristof Provost <kp at freebsd.org> ---
(In reply to Max from comment #21)
Yeah, I guess that makes sense. After all, the rules tell PF to drop the ICMP
packet, which it does. It tells the network stack that the packet was dropped,
so it generates an 'ICMP destination unreachable' error.

In this case that's correct, because the destination really is unreachable.
Arguably that error should be under the control of the firewall, but I'm not
sure this is really wrong.
