Date: Sat, 28 May 2016 13:20:23 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-pf@FreeBSD.org Subject: [Bug 207598] pf adds icmp unreach on gre/ipsec somehow Message-ID: <bug-207598-17777-zrBKJTsRsJ@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-207598-17777@https.bugs.freebsd.org/bugzilla/> References: <bug-207598-17777@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207598 --- Comment #22 from Kristof Provost <kp@freebsd.org> --- (In reply to Max from comment #21) Yeah, I guess that makes sense. After all, the rules tell PF to drop the ICMP packet, which it does. It tells the network stack that the packet was dropped, so it generates an 'ICMP destination unreachable' error. In this case that's correct, because the destination really is unreachable. Arguably that error should be under the control of the firewall, but I'm not sure this is really wrong. -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-207598-17777-zrBKJTsRsJ>