On Wed, Nov 20, 2002 at 04:25:49PM -0800, Michael Coulter wrote: > I am curious as to how to allow a pf-enabled machine to use ping's > record route option. I have tried this on an assortment of machines > and the result is that as soon as pf is enabled ping -R will return > a no route to host message. Further investigation with pflogd and > tcpdump seems to indicate the icmp packets are being blocked on the > way out. However I have a pass in all/pass out all ruleset.
Packets with IP options (such as RECORD_ROUTE) are blocked by pf by default. You can allow them with the 'allow-opts' option, see pf.conf(5). Daniel
