svn commit: r218854 - head/share/examples/pf

Bruce Cran brucec at
Sat Feb 19 14:57:01 UTC 2011

Author: brucec
Date: Sat Feb 19 14:57:00 2011
New Revision: 218854

  Update the icmp example to show allowing only the safe types.
  Suggested by: Tom Judge <tom at>
  MFC after:	3 days


Modified: head/share/examples/pf/pf.conf
--- head/share/examples/pf/pf.conf	Sat Feb 19 14:49:49 2011	(r218853)
+++ head/share/examples/pf/pf.conf	Sat Feb 19 14:57:00 2011	(r218854)
@@ -32,4 +32,4 @@
 #pass in on $ext_if proto tcp to ($ext_if) port ssh
 #pass in log on $ext_if proto tcp to ($ext_if) port smtp
 #pass out log on $ext_if proto tcp from ($ext_if) to port smtp
-#pass in on $ext_if proto icmp to ($ext_if)
+#pass in on $ext_if inet proto icmp from any to ($ext_if) icmp-type { unreach, redir, timex }

More information about the svn-src-all mailing list