Chad M Stewart wrote:
> On Apr 25, 2007, at 11:05 AM, Allen Theobald wrote:
>
> > pass in inet proto icmp all icmp-type $icmp_types keep state
>
> This can be used as a covert communication channel. Allowing
> internal IPs to send/receive ping is bad.

Bull. Not allowing ICMP is just as bad. Worse actually, as you are violating RFCs. Quit spreading this FUD.

--
[100~Plax]sb16i0A2172656B63616820636420726568746F6E61207473754A[dZ1!=b]salax