On 29/07/2002, mike schiffman <[EMAIL PROTECTED]> wrote To [EMAIL PROTECTED]:

> # allow any internal connections to go outward
> pass out proto tcp from any to any flags S/SA keep state
> pass out proto icmp from any to any flags S/SA keep state
> pass out proto udp from any to any flags S/SA keep state
>
> (Disabling pf fixes the problem).
> So I first ran into this with libnet when running a small test program that
> builds and sends contrived TCP packets. The first packet I found to
> return EHOSTUNREACH was a TCP packet with options with the FIN URG and PSH bits set

Well, would you care to read again what the 'flags' parameter is doing? I guess you additionally have block rules, or you mean IP options, which are blocked by default anyway.

ciao
--pb
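
What the `flags S/SA` parameter in the quoted rules tests, modelled in Python as an added example that is not part of the thread or of pf's own code: of the TCP flags listed after the slash (SYN and ACK), exactly those listed before it (SYN) must be set, and flags outside that set are ignored. The helper names and the packets in `SAMPLES` are constructed for illustration.

```python
# Added illustration: a model of pf's TCP "flags a/b" test, not pf source code.
TCP_FLAGS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08,
             "A": 0x10, "U": 0x20, "E": 0x40, "W": 0x80}


def parse_mask(letters):
    """Turn flag letters such as 'SA' into a TCP flags bitmask."""
    mask = 0
    for ch in letters:
        if ch not in TCP_FLAGS:
            raise ValueError(f"unknown TCP flag letter: {ch!r}")
        mask |= TCP_FLAGS[ch]
    return mask


def parse_flags_spec(spec):
    """Parse 'a/b' into (must_be_set, examined) bitmasks."""
    if "/" not in spec:
        raise ValueError("expected the form a/b, e.g. S/SA")
    a, b = spec.split("/", 1)
    want, examined = parse_mask(a), parse_mask(b)
    if want & ~examined:
        # A flag required in 'a' but not examined in 'b' can never compare equal.
        raise ValueError("spec can never match: 'a' has flags missing from 'b'")
    return want, examined


def rule_matches(spec, packet_flags):
    """True if a TCP packet with these flag letters satisfies 'flags a/b'."""
    want, examined = parse_flags_spec(spec)
    return (parse_mask(packet_flags) & examined) == want


# Constructed sample packets, given as flag letters only.
SAMPLES = {"SYN": "S", "SYN+ACK": "SA", "ACK": "A",
           "SYN+FIN": "SF", "FIN+URG+PSH": "FUP"}


def evaluate(spec="S/SA"):
    """Map each constructed sample packet to whether it satisfies the spec."""
    return {name: rule_matches(spec, flags) for name, flags in SAMPLES.items()}


if __name__ == "__main__":
    for name, ok in evaluate().items():
        print(f"{name:12} {'matches' if ok else 'does not match'} flags S/SA")
```

A packet that fails this test is not passed by the `pass out ... flags S/SA keep state` rule and is left to the rest of the ruleset.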
