docs/101114: icmptype names not in icmp(4) manpage
    Matthew Seaman 
    m.seaman at infracaninophile.co.uk
       
    Wed Sep  6 05:45:45 UTC 2006
    
    
  
John Archambeau wrote:
> To create a pf.conf file (see man pf.conf) properly for filtering of
> icmp, you must specify the icmptype(s) by abbreviation per the OpenBSD
> icmp(4) manpage you wish to filter.  It's not like ipfw where you can
> specify the icmptype by number, it must be the type by the
> abbreviation as specified as by the OpenBSD manpage for icmptypes.
Are you sure about that?
happy-idiot-talk:/etc:% uname -a
FreeBSD happy-idiot-talk.infracaninophile.co.uk 6.1-STABLE FreeBSD 6.1-STABLE #6: Mon Aug 28 14:01:08 BST 2006     root at happy-idiot-talk.infracaninophile.co.uk:/usr/obj/usr/src/sys/HAPPY-IDIOT-TALK  i386
happy-idiot-talk:/etc:% cat pf.conf 
icmp_types="{ 0 3 8 11 }"
scrub in
pass all
pass inet proto icmp all icmp-type $icmp_types keep state
happy-idiot-talk:/etc:% sudo pfctl -f pf.conf
happy-idiot-talk:/etc:% sudo pfctl -sr
scrub in all fragment reassemble
pass all
pass inet proto icmp all icmp-type echorep keep state
pass inet proto icmp all icmp-type unreach keep state
pass inet proto icmp all icmp-type echoreq keep state
pass inet proto icmp all icmp-type timex keep state
	Cheers,
	Matthew
-- 
Dr Matthew J Seaman MA, D.Phil.                       7 Priory Courtyard
                                                      Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey         Ramsgate
                                                      Kent, CT11 9PW
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 250 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-doc/attachments/20060906/135201fc/attachment.sig>
    
    
More information about the freebsd-doc
mailing list