On Fri, Nov 29, 2013 at 1:28 PM, Ian FREISLICH <i...@clue.co.za> wrote:
> Hi
>
> At some point this stopped working. I was able to use traceroute -I.
> This rule let the echo request out and the resulting TTL exceeded
> was matched and allowed back in.
>

Which FreeBSD version are you testing this on?
Normally it should just work unless the reply src IP is different from your sent dst IP.

> pass out inet proto icmp from <ournets> to any icmp-type echoreq
>
> I've had to change the rule to the following to keep traceroute going:
>
> pass out inet proto icmp from <ournets> to any
>
> Ian
>
> --
> Ian Freislich
> _______________________________________________
> freebsd-pf@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"

--
Ermal
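
Added example, not part of the thread and not pf's own code: a simplified Python model of how a stateful filter can tie a TTL-exceeded reply back to the state created by an outgoing echo request, by reading the original header quoted inside the ICMP error. The addresses, ICMP id and the `(src, dst, id)` state key are constructed assumptions for illustration.

```python
import socket
import struct

ICMP_ECHO, ICMP_TIMXCEED = 8, 11

def ip_header(src, dst, payload_len, ttl=64):
    # Minimal 20-byte IPv4 header, protocol 1 (ICMP); checksum left 0 in this sample.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, 1, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def echo_request(ident, seq):
    return struct.pack("!BBHHH", ICMP_ECHO, 0, 0, ident, seq)

def time_exceeded(router, original_packet):
    # ICMP error body: 8-byte header, then the original IP header + first 8 bytes.
    icmp = struct.pack("!BBHI", ICMP_TIMXCEED, 0, 0, 0) + original_packet[:28]
    reply_to = socket.inet_ntoa(original_packet[12:16])
    return ip_header(router, reply_to, len(icmp)) + icmp

def state_key_for_error(packet):
    """Return (src, dst, icmp_id) of the echo request quoted in a
    time-exceeded packet, or None if the packet is not such an error."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 1 or len(packet) < ihl + 8 + 20:
        return None
    if packet[ihl] != ICMP_TIMXCEED:
        return None
    inner = packet[ihl + 8:]                 # quoted original packet
    inner_ihl = (inner[0] & 0x0F) * 4
    if inner[9] != 1 or len(inner) < inner_ihl + 8:
        return None
    if inner[inner_ihl] != ICMP_ECHO:
        return None
    ident = struct.unpack("!H", inner[inner_ihl + 4:inner_ihl + 6])[0]
    return (socket.inet_ntoa(inner[12:16]), socket.inet_ntoa(inner[16:20]), ident)

def allowed_in(packet, states):
    # The lookup uses the quoted header, not the outer source (the router).
    return state_key_for_error(packet) in states

# Constructed sample data (documentation address ranges).
STATES = {("192.0.2.10", "198.51.100.7", 0x1234)}   # state from the echo request
PROBE = ip_header("192.0.2.10", "198.51.100.7", 8, ttl=1) + echo_request(0x1234, 1)
REPLY = time_exceeded("203.0.113.1", PROBE)          # sent by an intermediate hop
STRAY = time_exceeded("203.0.113.1",
                      ip_header("192.0.2.10", "198.51.100.7", 8) + echo_request(0x9999, 1))

if __name__ == "__main__":
    print(allowed_in(REPLY, STATES), allowed_in(STRAY, STATES))
```
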