Revisiting Traceroute Through ipfw FreeBSD9.x

Martin McCormick martin at
Thu Mar 7 21:00:26 UTC 2013

I immediately found several plausible examples of what to put in
the firewall rules file and the following rules were set just
after the local loopback address:



        # Allow traceroute to function, but not to get in.
        ${fwcmd} add unreach port udp from any to ${ip} 33435-33524
        # Allow some inbound icmps - echo reply, dest unreach, source quench,
        # echo, ttl exceeded.
        ${fwcmd} add allow icmp from any to any icmptypes 0,3,4,8,11

	My thanks to previous posters for these rules. I still,
however only get

 *traceroute: sendto: Permission denied
traceroute: wrote 52 chars, ret=-1

	I also did try:

sysctl net.inet.udp.blackhole=0

then 1 and even 2 with no change.

	What else should I look at? The firewall rules are
otherwise working as they should.

	Thank you.

Martin McCormick

More information about the freebsd-questions mailing list