Re: ipfw -- why need to let icmp out that I already let in?

2007-10-31 Thread freebsd
Are you sure you don't have some other rule which is letting those returned packets out the other port? When I substitute your rule for my two:

ipfw delete 10531
ipfw delete 10532
ipfw add 10531 allow icmp from any to any icmptypes 0,3,11,12 in

The returning packets are dropped inside the

Re: ipfw -- why need to let icmp out that I already let in?

2007-10-31 Thread n j
> > add 10510 allow icmp from any to any out via oif() keep-state
>
> I don't think ICMP is stateful :)
>
> You need both in and out rules for ICMP because the logical responses to packets can't be reliably connected into a single communication.

Actually, I disagree. True, ICMP is not a stateful

Re: ipfw -- why need to let icmp out that I already let in?

2007-10-31 Thread Dan Nelson
In the last episode (Oct 31), Ivan Voras said:
> [EMAIL PROTECTED] wrote:
>
> > add 10510 allow icmp from any to any out via oif() keep-state
>
> I don't think ICMP is stateful :)
>
> You need both in and out rules for ICMP because the logical responses to packets can't be reliably connected i

Re: ipfw -- why need to let icmp out that I already let in?

2007-10-30 Thread Ivan Voras
[EMAIL PROTECTED] wrote:
> add 10510 allow icmp from any to any out via oif() keep-state

I don't think ICMP is stateful :)

You need both in and out rules for ICMP because the logical responses to packets can't be reliably connected into a single communication.

ipfw -- why need to let icmp out that I already let in?

2007-10-29 Thread freebsd
I'm now running 6.1 using PPPoE through a bridging DSL modem. Using ipfw I have the following rules regarding ping / traceroute:

oip, oif are the outside tun0 ip addr and interface
inet, imask, and iif are the internal netip/mask/interface

from ipfw.conf:

# Allow pings out
# Note that for