Author: brucec
Date: Sat Feb 19 14:57:00 2011
New Revision: 218854
URL: http://svn.freebsd.org/changeset/base/218854
Log:
Update the icmp example to show allowing only the safe types.
Suggested by: Tom Judge <tom at tomjudge.com>
MFC after: 3 days
Modified:
head/share/examples/pf/pf.conf
Modified: head/share/examples/pf/pf.conf
==============================================================================
--- head/share/examples/pf/pf.conf Sat Feb 19 14:49:49 2011
(r218853)
+++ head/share/examples/pf/pf.conf Sat Feb 19 14:57:00 2011
(r218854)
@@ -32,4 +32,4 @@
#pass in on $ext_if proto tcp to ($ext_if) port ssh
#pass in log on $ext_if proto tcp to ($ext_if) port smtp
#pass out log on $ext_if proto tcp from ($ext_if) to port smtp
-#pass in on $ext_if proto icmp to ($ext_if)
+#pass in on $ext_if inet proto icmp from any to ($ext_if) icmp-type { unreach,
redir, timex }
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "[email protected]"
