[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Can't ping outside the firewall

To: misc@openbsd.org
Subject: Re: Can't ping outside the firewall
From: "Matthew L. Shobe" <mls@shobe.org>
Date: Sun, 14 Sep 2003 02:46:35 -0400
Content-Disposition: inline
Mail-Followup-To: misc@openbsd.org
References: <20030914023732.GE15928@othin.ninehells.com> <HAEPKEOPEAMLFPBKHOMMAEMEDNAA.ingmar.koecher@netikus.net> <20030914062237.GG15928@othin.ninehells.com>
User-Agent: Mutt/1.5.4i

On Sun, Sep 14, 2003 at 01:22:37AM -0500, Peter H. Coffin wrote:
> There's no connection, and no state to keep. Let them back in.

pf.conf(5) says otherwise:

	ICMP error messages, which always refer to a TCP or UDP
	packet, are matched against the referred to connection.

	[...]

	For ICMP queries, keep state creates an ICMP state, and
	pf(4) knows how to match ICMP replies to states.
-- 
mls

Follow-Ups:
- Re: Can't ping outside the firewall
  - From: Rick Hale <optik@wccnet.org>
- Re: Can't ping outside the firewall
  - From: "Peter H. Coffin" <hellsop@ninehells.com>

References:
- Re: Can't ping outside the firewall
  - From: "Peter H. Coffin" <hellsop@ninehells.com>
- Re: Can't ping outside the firewall
  - From: "Ingmar Koecher [ NETIKUS.NET ltd ]" <ingmar.koecher@netikus.net>
- Re: Can't ping outside the firewall
  - From: "Peter H. Coffin" <hellsop@ninehells.com>

Prev by Date: Re: Can't ping outside the firewall
Next by Date: Re: T-Shirt & Poster Concepts
Prev by thread: Re: Can't ping outside the firewall
Next by thread: Re: Can't ping outside the firewall
Index(es):
- Date
- Thread