return-icmp() relative question to ipf rule.
Remko Lodder
remko at elvandar.org
Mon Oct 26 13:33:57 UTC 2009
On Oct 10, 2009, at 4:09 AM, jhell wrote:
>
> I have a rule I used in ipfilter probably around 2 or so years ago
> and I am now getting around to trying to implement in it my pf
> rules. So far any results I have achieved have failed with no
> response back from the server and get dropped.
>
> The rule in ipf syntax:
> block return-icmp-as-dest(13) in log first quick proto icmp all icmp-
> type 8
>
> The above ipf rule returns a result of "Destination Administratively
> Prohibited" when ping'd
>
> The following pf syntax:
> block return-icmp(3,13) in quick inet proto icmp from any to any
> icmp-type 8 code 0
>
> The above pf rule returns a result of "Nothing ........" when ping'd
>
> Just to be sure I wasn't mucking up the chain of rules I added this
> as the only rule to test it out and have achieved the same result
> multiple times on a test machine.
>
> Can anyone shed some light on the syntax and help me out with
> getting this rule to make the system respond to a echo request with
> admin-prohib as the destination system ?
>
> Thanks
>
*click* (the light is on)
Options returning ICMP packets currently have no effect if
pf(4)
operates on a if_bridge(4), as the code to support this
feature has
not yet been implemented.
from the Manual page. I think that answers the question?
--
/"\ Best regards, | remko at FreeBSD.org
\ / Remko Lodder | remko at EFnet
X http://www.evilcoder.org/ |
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
More information about the freebsd-pf
mailing list