From owner-freebsd-doc@FreeBSD.ORG Wed Sep 6 05:45:45 2006 Return-Path: X-Original-To: freebsd-doc@freebsd.org Delivered-To: freebsd-doc@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8EB1616A4DA; Wed, 6 Sep 2006 05:45:45 +0000 (UTC) (envelope-from m.seaman@infracaninophile.co.uk) Received: from smtp.infracaninophile.co.uk (ns0.infracaninophile.co.uk [81.187.76.162]) by mx1.FreeBSD.org (Postfix) with ESMTP id CE57043D46; Wed, 6 Sep 2006 05:45:43 +0000 (GMT) (envelope-from m.seaman@infracaninophile.co.uk) Received: from [IPv6:::1] (localhost [IPv6:::1]) by smtp.infracaninophile.co.uk (8.13.8/8.13.8) with ESMTP id k865jJ16046872; Wed, 6 Sep 2006 06:45:19 +0100 (BST) (envelope-from m.seaman@infracaninophile.co.uk) Authentication-Results: smtp.infracaninophile.co.uk from=m.seaman@infracaninophile.co.uk; sender-id=softfail; spf=softfail X-SenderID: Sendmail Sender-ID Filter v0.2.14 smtp.infracaninophile.co.uk k865jJ16046872 Message-ID: <44FE6068.5000801@infracaninophile.co.uk> Date: Wed, 06 Sep 2006 06:45:12 +0100 From: Matthew Seaman Organization: Infracaninophile User-Agent: Thunderbird 1.5.0.5 (X11/20060801) MIME-Version: 1.0 To: John Archambeau References: <200609051159.k85BxO6H049544@freefall.freebsd.org> In-Reply-To: X-Enigmail-Version: 0.94.0.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------enig3FBD0D82BF65546A25D3553F" X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-2.0.2 (smtp.infracaninophile.co.uk [IPv6:::1]); Wed, 06 Sep 2006 06:45:39 +0100 (BST) X-Virus-Scanned: ClamAV 0.88.4/1811/Wed Sep 6 02:32:58 2006 on happy-idiot-talk.infracaninophile.co.uk X-Virus-Status: Clean X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00, DKIM_POLICY_TESTING, NO_RELAYS autolearn=ham version=3.1.4 X-Spam-Checker-Version: SpamAssassin 3.1.4 (2006-07-25) on happy-idiot-talk.infracaninophile.co.uk Cc: Remko Lodder , freebsd-doc@freebsd.org Subject: Re: docs/101114: icmptype names not in icmp(4) manpage X-BeenThere: freebsd-doc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Documentation project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Sep 2006 05:45:45 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig3FBD0D82BF65546A25D3553F Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: quoted-printable John Archambeau wrote: > To create a pf.conf file (see man pf.conf) properly for filtering of > icmp, you must specify the icmptype(s) by abbreviation per the OpenBSD > icmp(4) manpage you wish to filter. It's not like ipfw where you can > specify the icmptype by number, it must be the type by the > abbreviation as specified as by the OpenBSD manpage for icmptypes. Are you sure about that? happy-idiot-talk:/etc:% uname -a FreeBSD happy-idiot-talk.infracaninophile.co.uk 6.1-STABLE FreeBSD 6.1-ST= ABLE #6: Mon Aug 28 14:01:08 BST 2006 root@happy-idiot-talk.infracani= nophile.co.uk:/usr/obj/usr/src/sys/HAPPY-IDIOT-TALK i386 happy-idiot-talk:/etc:% cat pf.conf=20 icmp_types=3D"{ 0 3 8 11 }" scrub in pass all pass inet proto icmp all icmp-type $icmp_types keep state happy-idiot-talk:/etc:% sudo pfctl -f pf.conf happy-idiot-talk:/etc:% sudo pfctl -sr scrub in all fragment reassemble pass all pass inet proto icmp all icmp-type echorep keep state pass inet proto icmp all icmp-type unreach keep state pass inet proto icmp all icmp-type echoreq keep state pass inet proto icmp all icmp-type timex keep state Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW --------------enig3FBD0D82BF65546A25D3553F Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE/mBu8Mjk52CukIwRCGuBAJ9VfRl0OxOnZgEeOmyLXRb85Sb9yQCeNPnd +gIu5deAZ+SjZ3wLo/h/mhM= =DGkP -----END PGP SIGNATURE----- --------------enig3FBD0D82BF65546A25D3553F--