Date: Fri, 19 Jan 2001 10:01:55 +0100 From: Michel Talon <michel@lpthe.jussieu.fr> To: stable@FreeBSD.ORG Subject: Re: FreeBSD port: nmap-5-32 under 4.2-STABLE, No route to host -> IPFilter keep state problem Message-ID: <20010119100155.A461@lpthe.jussieu.fr> In-Reply-To: <200101190349.f0J3nnR01417@otterhole.yi.org> References: <20010119025750.V30538@hand.dotat.at> <200101190349.f0J3nnR01417@otterhole.yi.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Jan 18, 2001 at 10:49:49PM -0500, Al wrote: > My IPFilter rules include: > pass out quick proto icmp from any to any keep state > all the rules use quick, and no preceeding rules deny traffic. > It looks like the keep state function on IPFilter is broken? > I also changed the IPfilter default to deny traffic, may that > broke something? I will test some more. I may have misundesrstood, but i thought that keep state was only for TCP and UDP packets (and of short time validity for UDP). There are examples of managing ICMP in the IPFilter doc. -- Michel Talon To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010119100155.A461>