DragonFly users List (threaded) for 2006-09
Re: Bridging again
Tiv wrote:
> I'm no expert, but unless you intend to block ICMP messages,
> you just might want to use something like this...
>
> pass out on $ext_if proto tcp all modulate state flags S/SA
> pass out on $ext_if proto { udp, icmp } all keep state
>
> If you can't ping/arp a host (icmp disabled), I'd think you'd have
> trouble connecting ssh...
> When I block/filter icmp on a Cisco router I get this:
>
> ssh: connect to host targa port 22: No route to host
>
> ...just something to consider.

No, I never had to explicitly allow ICMP on any of my firewalls, because
stateful filtering takes care of internet connection messaging protocol
as well. I only had to explicitly allow echo requests and echo replies.
Otherwise I would have allowed ICMP.