ipfw -- why need to let icmp out that I already let in?
Ivan Voras
ivoras at freebsd.org
Tue Oct 30 16:11:39 PDT 2007
freebsd at dreamchaser.org wrote:
> add 10510 allow icmp from any to any out via oif() keep-state
I don't think ICMP is stateful :)
You need both in and out rules for ICMP because the logical responses to
packets can't be reliably connected into a single communication.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 250 bytes
Desc: OpenPGP digital signature
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20071030/17c43166/signature.pgp
More information about the freebsd-questions
mailing list