docs/101114: icmptype names not in icmp(4) manpage
Matthew Seaman
m.seaman at infracaninophile.co.uk
Wed Sep 6 05:45:45 UTC 2006
John Archambeau wrote:
> To create a pf.conf file (see man pf.conf) properly for filtering of
> icmp, you must specify the icmptype(s) by abbreviation per the OpenBSD
> icmp(4) manpage you wish to filter. It's not like ipfw where you can
> specify the icmptype by number, it must be the type by the
> abbreviation as specified by the OpenBSD manpage for icmptypes.
Are you sure about that?
happy-idiot-talk:/etc:% uname -a
FreeBSD happy-idiot-talk.infracaninophile.co.uk 6.1-STABLE FreeBSD 6.1-STABLE #6: Mon Aug 28 14:01:08 BST 2006 root at happy-idiot-talk.infracaninophile.co.uk:/usr/obj/usr/src/sys/HAPPY-IDIOT-TALK i386
happy-idiot-talk:/etc:% cat pf.conf
icmp_types="{ 0 3 8 11 }"
scrub in
pass all
pass inet proto icmp all icmp-type $icmp_types keep state
happy-idiot-talk:/etc:% sudo pfctl -f pf.conf
happy-idiot-talk:/etc:% sudo pfctl -sr
scrub in all fragment reassemble
pass all
pass inet proto icmp all icmp-type echorep keep state
pass inet proto icmp all icmp-type unreach keep state
pass inet proto icmp all icmp-type echoreq keep state
pass inet proto icmp all icmp-type timex keep state
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
Kent, CT11 9PW