pf, ping and traceroute

jonathan michaels jon at caamora.com.au
Mon Sep 10 20:39:42 PDT 2007


greetings all,

i am new to pf and freebsd (v6.2-R), while i have been using freebsd
for about ten years .. i stoped at about v2.2.5 (or 7) it worked for me
and on a 386dx33 with 8 mb dram it was perfect.

now i am slowly coming to terms with freebsd v6.2, i did it in one
step, from v2 to v6 it is a big cultural shift.

my question is to do with pf and the using of things like ping and
traceroute, using pf (any sort of a generic 'firewall'
device/application/whatever) seems to preclude or severly limit my
ability to do/use tools like ping/traceroute to test/check/verify
whatever the usual admin functionality. i've read (and rearead, and
rerea..) the documentation to me (with my learning difficulties) it is
hard very hard to understand.

i get that it is part of teh functionality to stop outside stuff
garbage bad people from getting to teh inside but how do i make a
"hole" in teh 'firewall' for ping/traceroute without opening up teh
firewall to let the same (ping/traceroute/etc) stuff come in from teh
outside ???? 

apologies for my poor writing.

kind regards appreciations and thanks

jonathan

-- 
================================================================
powered by ..
QNX, OS9 and freeBSD  --  http://caamora com au/operating system
==== === appropriate solution in an inappropriate world === ====


More information about the freebsd-pf mailing list