Re: Problems with icmp and ipfilter.
This is a discussion on Re: Problems with icmp and ipfilter. within the IPFilter forums, part of the System Security and Security Related category; keep state fixed it thanks everyone! ArkanoiD wrote: > nuqneH, > > You may just keep state. > > On ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
05-11-2006
|
|||
|
|||
Re: Problems with icmp and ipfilter.
keep state fixed it thanks everyone!
ArkanoiD wrote: > nuqneH, > > You may just keep state. > > On Thu, May 11, 2006 at 03:45:24PM -0300, Scott Walker wrote: >> block in proto icmp all >> pass in quick on fxp0 proto icmp from any to any icmp-type echo >> pass in quick on fxp0 proto icmp from any to any icmp-type echorep >> pass in quick on xl0 proto icmp from any to any icmp-type echo >> pass in quick on xl0 proto icmp from any to any icmp-type echorep >> pass in quick on tun0 proto icmp from any to any icmp-type echo >> pass in quick on tun0 proto icmp from any to any icmp-type echorep >> >> Should the above rules allow me to ping across networks? The FW itself >> can ping all the hosts on both sides, but for example hosts strung off >> the tun0 VPN tunnel can't ping the FW, hosts on xl0 (internal lan) can't >> ping the FW or hosts on the VPN. >> >> Am I missing something? This seems pretty simple to do. 
|
Linear Mode
