Hi,
thats the result of the missing 'keep state' - change it to 'pass in
quick proto icmp all keep state' and it should work...
regards
andy
Am 24.06.2005 um 16:52 schrieb Erik Huizing:
Hello,
I'm planning to upgrade some of our servers to 4.1.8, and while
testing, found that icmp doesn't work with our current rule set.
We've got
# start of file
# outbound connections
pass out quick all keep state
# allow ping
pass in quick proto icmp all
# rest of file is port and IP-based ACLS
I found switching to this, worked
# allow ping
pass out quick proto icmp all
pass in quick proto icmp all
# outbound connections
pass out quick all keep state
Did something change between ipf 3.4.31 to 4.1.8 that would cause
this behaviour?
Am I correct in guessing I'll have to tweak the rule sets as I roll
out the upgrade?
--
Erik Huizing
Regional Services
(403)-781-4906
