Question about icmp
Nicolas KARP
nicolaskarp at freE.fr
Wed Aug 20 18:40:59 UTC 2008
Leslie Jensen a écrit :
>
> When setting up PF I found the recommendation to use the following
> rule to allow ICMP to pass.
>
> # macros
> icmp_types="echoreq"
>
> # filter rules
> pass in inet proto icmp all icmp-type $icmp_types keep state
>
> I do not understand why this is necessary!
>
> Will someone Please explain to me why it's necessary if I must have
> it, or if I can delete that rule.
>
> Thanks
>
> /Leslie
> _______________________________________________
> freebsd-pf at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"
Hi,
Fo my mind, it's just an example.. So,you can delete that rule if you
don't want to permit the ping request :)
You must add an ICMP rule if you are using PMTU discovery !
Bye,
Nicos.
More information about the freebsd-pf
mailing list