On 8/12/05, Chris Buechler <[EMAIL PROTECTED]> wrote: > On 8/12/05, Bill Marquette <[EMAIL PROTECTED]> wrote: > > Let me guess, the hosts initiating the PING are running Windows? I'm > > pretty sure we've recently fixed this bug. Care to try it? > > > > With ipfilter 3.x (and hence m0n0wall) it doesn't matter if the hosts > are Windows or not. It isn't even as smart as PF's behavior prior to > that latest patch. Just doesn't work from multiple sources behind NAT > no matter what.
Ahhh, didn't realize IPFilter still sucked that hard. I've never used it with NAT. I thought it at least knew about the ICMPID though. > But yes, should be completely fixed here. :) The patch for those that care (it's commited in OpenBSD now I think) is http://marc.theaimsgroup.com/?l=openbsd-pf&m=112316815028454&w=2 and see http://marc.theaimsgroup.com/?l=openbsd-pf&m=112299265510286&w=2 for an explanation of what the patch actually does. The patch has been in since at least the hackathon, so all versions newer than .74 should have this fixed. --Bill --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
