On Fri, Nov 29, 2013 at 1:28 PM, Ian FREISLICH <[email protected]> wrote:

> Hi
>
> At some point this stopped working.  I was able to use traceroute -I.
> This rule let the echo request out and the resulting TTL exceeded
> was matched and allowed back in.
>
>
Which FreeBSD version are you testing this on?
Normally it should just work unless the reply src IP is different from your
sent dst IP.


> pass  out inet proto icmp from <ournets> to any icmp-type echoreq
>
> I've had to change the rule to the following to keep traceroute going:
>
> pass  out inet proto icmp from <ournets> to any
>
> Ian
>
> --
> Ian Freislich
> _______________________________________________
> [email protected] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "[email protected]"
>



-- 
Ermal