block in proto icmp all
pass in quick on fxp0 proto icmp from any to any icmp-type echo
pass in quick on fxp0 proto icmp from any to any icmp-type echorep
pass in quick on xl0 proto icmp from any to any icmp-type echo
pass in quick on xl0 proto icmp from any to any icmp-type echorep
pass in quick on tun0 proto icmp from any to any icmp-type echo
pass in quick on tun0 proto icmp from any to any icmp-type echorep

Should the above rules allow me to ping across networks? The FW itself can ping all the hosts on both sides, but for example hosts strung off the tun0 VPN tunnel can't ping the FW, hosts on xl0 (internal lan) can't ping the FW or hosts on the VPN. Am I missing something? This seems pretty simple to do.
