Re: Can't ping outside the firewall



On Sun, Sep 14, 2003 at 02:46:35AM -0400, Matthew L. Shobe wrote:
> On Sun, Sep 14, 2003 at 01:22:37AM -0500, Peter H. Coffin wrote:
> > There's no connection, and no state to keep. Let them back in.
> 
> pf.conf(5) says otherwise:
> 
> 	ICMP error messages, which always refer to a TCP or UDP
> 	packet, are matched against the referred to connection.
> 
> 	[...]
> 
> 	For ICMP queries, keep state creates an ICMP state, and
> 	pf(4) knows how to match ICMP replies to states.

Okay, I'm wrong about that. I allow ICMP packets in, and I can receive
pings. The original poster doesn't and can't. I would be interested to
hear why this is merely coincidental.

-- 
25. No matter how well it would perform, I will never construct any sort of 
    machinery which is completely indestructible except for one small and 
    virtually inaccessible vulnerable spot.
                --Peter Anspach's list of things to do as an Evil Overlord