svn commit: r42084 - head/en_US.ISO8859-1/books/handbook/firewalls
Warren Block
wblock at FreeBSD.org
Sat Jun 29 13:19:43 UTC 2013
Author: wblock
Date: Sat Jun 29 13:19:43 2013
New Revision: 42084
URL: http://svnweb.freebsd.org/changeset/doc/42084
Log:
Correct the example that allows internal but blocks external ICMP.
Reviewed by: Peter N. M. Hansteen <peter at bsdly.net>
Modified:
head/en_US.ISO8859-1/books/handbook/firewalls/chapter.xml
Modified: head/en_US.ISO8859-1/books/handbook/firewalls/chapter.xml
==============================================================================
--- head/en_US.ISO8859-1/books/handbook/firewalls/chapter.xml Sat Jun 29 12:11:17 2013 (r42083)
+++ head/en_US.ISO8859-1/books/handbook/firewalls/chapter.xml Sat Jun 29 13:19:43 2013 (r42084)
@@ -1086,8 +1086,8 @@ rdr-anchor "ftp-proxy/*"</programlisting
<acronym>ICMP</acronym> traffic from the local net through
and stop probes from elsewhere at the gateway:</para>
- <programlisting>pass inet proto icmp icmp-type $icmp_types from $localnet to any keep state
-pass inet proto icmp icmp-type $icmp_types from any to $ext_if keep state</programlisting>
+ <programlisting>pass inet proto icmp from $localnet to any keep state
+pass inet proto icmp from any to $ext_if keep state</programlisting>
<para>Stopping probes at the gateway might be an attractive
option anyway, but let us have a look at a few other
More information about the svn-doc-head
mailing list