IP packet with options

Malcolm Clarke malcolm.clarke at brunel.ac.uk
Wed Nov 7 08:28:12 PST 2007

I have configured a machine with 2 NIC and IPFW in a rather simplistic 
way as we are using it to emulate different link characteristics rather 
than as an actual firewall.

00100 4 355 pipe 1 ip from any to any via de0 in
00200 1  56 pipe 2 ip from any to any via de0 out
00300 0   0 pipe 3 ip from any to any via de1 in
00400 3 288 pipe 4 ip from any to any via de1 out
65535 4 246 deny ip from any to 

The configuration works fine and traffic crosses the firewall without 
problem, except ICMP packets having timestamp or routing option, and 
these are not returned.

Is there a way to allow these packets to enter/exit the firewall?



Dr Malcolm Clarke
Senior Lecturer in Data Communication Systems and Telemedicine
Department of Information Systems and Computing
Brunel University

Tel: +44 1895 265053
Fax: +44 1895 251686


More information about the freebsd-questions mailing list