On 2022/05/09 23:16, Alexandr Nedvedicky wrote:
> Hello,
>
> I'm sorry I was too fast with commit. I've just committed
> what's been suggested by bluhm@:
That's totally ok, my diff is on top and wasn't written until you
committed yours :-)
> @@ -2186,6 +2186,7 @@ It cannot be used with
>
On Mon, May 09, 2022 at 10:08:24PM +0100, Stuart Henderson wrote:
> This is helpful, but because it's so surprising that "pass proto icmp"
> doesn't pass all icmp traffic, I think it would help to mention it where
> "proto icmp" is described too.
>
> Also, the top of the text about "sloppy" just t
Hello,
I'm sorry I was too fast with commit. I've just committed
what's been suggested by bluhm@:
@@ -2186,6 +2186,7 @@ It cannot be used with
.Cm modulate state
or
.Cm synproxy state .
+With this option ICMP replies can create states.
.It Ar timeout seconds
Chang
This is helpful, but because it's so surprising that "pass proto icmp"
doesn't pass all icmp traffic, I think it would help to mention it where
"proto icmp" is described too.
Also, the top of the text about "sloppy" just talks about the sloppy
TCP connection tracker, I think perhaps it would be be
On Sun, May 08, 2022 at 09:58:47PM +0200, Alexandr Nedvedicky wrote:
> Hello,
>
> On Sun, May 08, 2022 at 08:06:57PM +0200, Alexander Bluhm wrote:
> > On Sun, May 08, 2022 at 06:37:57PM +0200, Alexandr Nedvedicky wrote:
> > > this tiny update to pf.conf(5) has been prompted here [1] on
> > > pf ma
Hello,
On Sun, May 08, 2022 at 08:06:57PM +0200, Alexander Bluhm wrote:
> On Sun, May 08, 2022 at 06:37:57PM +0200, Alexandr Nedvedicky wrote:
> > this tiny update to pf.conf(5) has been prompted here [1] on
> > pf mailing list. By default only ICMP queries are allowed
> > to create state in pf(4)
