question concerned with dynamic rules
Igor Popov
igorpopov at newmail.ru
Mon May 30 06:30:35 PDT 2005
Hi all,
I have a question concerned with dynamic rules, say I have such rules:
ipfw check-state
ipfw allow udp from me to any out keep-state
if ttl of my packet will be zero on some router in path, it sends me icmp
error message ttl exceeded. Does last rule create dynamic rule that permit
icmp error message? My experience with traceroute shows that a such rule is
not created.
But with such rules:
ipfw check-state
ipfw allow udp from me to any out keep-state
ipfw allow icmp from any to me icmptype 3,4,11,12 in
traceroute works.
--
The truth is what is; what should be is a dirty lie.
-- Lenny Bruce
More information about the freebsd-ipfw
mailing list