Date:      Tue, 18 Jun 2002 21:46:42 -0700 (PDT)
From:      Yusuf Goolamabbas <yusufg@outblaze.com>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   docs/39495: firewall man page should allow ICMP type 3 messages
Message-ID:  <200206190446.g5J4kgIo077613@www.freebsd.org>


>Number:         39495
>Category:       docs
>Synopsis:       firewall man page should allow ICMP type 3 messages
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-doc
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jun 18 21:50:01 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator:     Yusuf Goolamabbas
>Release:        4.5-RELEASE
>Organization:
>Environment:
>Description:
firewall(7) has a paragraph about which ICMP packets to allow and what they do, etc.

The rule described there:
add 04000 allow icmp from any to any icmptypes 0,5,8,11,12,13,14

This does not allow ICMP type 3 messages, which will lead to Path MTU Discovery issues.

IMHO, the example rule should be changed to

add 04000 allow icmp from any to any icmptypes 0,3,8,11,12,13,14

Type 5 = Redirect is fairly dangerous and somebody might just cut/paste from the firewall manpage.

>How-To-Repeat:
      
>Fix:
      
>Release-Note:
>Audit-Trail:
>Unformatted:
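
An added example, not part of the original report or of FreeBSD: a small check that reads ipfw "add" lines and flags the two problems the report describes, an allow rule that admits ICMP type 5 and a ruleset in which no allow rule admits type 3. It assumes a default-deny ruleset with numbered rules and ignores addresses, direction and rule order; the function names and finding strings are hypothetical.

```python
ALLOW_ACTIONS = {"allow", "accept", "pass", "permit"}
DEST_UNREACH = 3  # destination unreachable; Path MTU Discovery depends on it
REDIRECT = 5      # ICMP redirect, the type the report calls dangerous
PERMITS_REDIRECT = "permits ICMP redirect (type 5)"
NO_UNREACH = "no allow rule admits ICMP type 3; Path MTU Discovery will break"

# The two rules quoted in the report.
MAN_PAGE_RULE = "add 04000 allow icmp from any to any icmptypes 0,5,8,11,12,13,14"
PROPOSED_RULE = "add 04000 allow icmp from any to any icmptypes 0,3,8,11,12,13,14"

def parse_icmp_rule(line):
    """Return (number, action, types) for a numbered ipfw ICMP rule, else None.

    types is a set of ints, or None when the rule has no icmptypes option
    and therefore matches every ICMP type.
    """
    tokens = line.split("#", 1)[0].split()
    if tokens[:1] == ["ipfw"]:
        tokens = tokens[1:]
    if len(tokens) < 4 or tokens[0] != "add" or not tokens[1].isdigit():
        return None
    if tokens[3] != "icmp":
        return None
    types = None
    if "icmptypes" in tokens:
        idx = tokens.index("icmptypes")
        if idx + 1 >= len(tokens):
            return None  # option present but its list is missing
        types = {int(t) for t in tokens[idx + 1].split(",") if t.isdigit()}
    return int(tokens[1]), tokens[2], types

def audit_icmp_rules(lines):
    """Return a list of (rule_number or None, finding) for the given rule lines."""
    findings = []
    unreachable_allowed = False
    for line in lines:
        rule = parse_icmp_rule(line)
        if rule is None or rule[1] not in ALLOW_ACTIONS:
            continue
        number, _, types = rule
        if types is None or DEST_UNREACH in types:
            unreachable_allowed = True
        if types is None or REDIRECT in types:
            findings.append((number, PERMITS_REDIRECT))
    if not unreachable_allowed:
        findings.append((None, NO_UNREACH))
    return findings

if __name__ == "__main__":
    for name, rule in (("man page", MAN_PAGE_RULE), ("proposed", PROPOSED_RULE)):
        print(name, audit_icmp_rules([rule]) or "ok")
```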
