Question about icmp

Nicolas KARP nicolaskarp at
Wed Aug 20 18:40:59 UTC 2008

Leslie Jensen a écrit :
> When setting up PF I found the recommendation to use the following 
> rule to allow ICMP to pass.
> # macros
> icmp_types="echoreq"
> # filter rules
> pass in inet proto icmp all icmp-type $icmp_types keep state
> I do not understand why this is necessary!
> Will someone Please explain to me why it's necessary if I must have 
> it, or if I can delete that rule.
> Thanks
> /Leslie
> _______________________________________________
> freebsd-pf at mailing list
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe at"

Fo my mind, it's just an example.. So,you can delete that rule if you 
don't want to permit the ping request :)
You must add an ICMP rule if you are using PMTU discovery !




More information about the freebsd-pf mailing list