Hi list,
I have a question. I want my PC (i.e. admin_pc), which is behind an OpenBSD 4.8 pf firewall (doing NAT), to be able to traceroute. So, I have added the rules below to the pf.conf file.

match out on $ext_if from $lan_net nat-to ($ext_if)

pass in log (all) on $int_if inet proto udp from $admin_pc to !$int_if \
    port 33433 >< 33626 keep state

pass out log on $ext_if inet proto udp from $ext_if to any \
    port 33433 >< 33626 keep state

Due to the above rules, my PC can traceroute. It works fine. *But*, in addition to that, the firewall can also traceroute because of the above *pass out* rule. I *do NOT* want the firewall to be able to traceroute.

My question is: how can I exclude my firewall from being able to do it?

--
Thank you
Indunil Jayasooriya

