DragonFly users List (threaded) for 2006-09
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]

Re: Bridging again

From:	Gergo Szakal <bastyaelvtars@xxxxxxxxx>
Date:	Tue, 26 Sep 2006 13:37:51 +0200

Emiel Kollof wrote:

I would definately allow ICMP, because ICMP is just necessary. If you don't want ping to work, just disallow icmp echo and reply.

Again: that config works on OpenBSD 3.8, just we cannot ping, but other ICMP works. This is from the PF users' guide:

'Another advantage of keeping state is that corresponding ICMP traffic will be passed through the firewall. For example, if keep state is specified for a TCP connection and an ICMP source-quench message referring to this TCP connection arrives, it will be matched to the appropriate state entry and passed through the firewall.'

http://www.openbsd.org/faq/pf/filter.html

References:
- Bridging again
  - From: Gergo Szakal
- Re: Bridging again
  - From: Tiv
- Re: Bridging again
  - From: Gergo Szakal
- Re: Bridging again
  - From: Emiel Kollof

[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]