Hi At some point this stopped working. I was able to use traceroute -I This rule let the echo request out and the resulting TTL exceeded was matched and allowed back in.
pass out inet proto icmp from <ournets> to any icmp-type echoreq I've had to change the rule to the following to keep traceroute going: pass out inet proto icmp from <ournets> to any Ian -- Ian Freislich _______________________________________________ freebsd-pf@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
