From owner-freebsd-doc Tue Jun 18 21:50:12 2002
Delivered-To: freebsd-doc@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id D432937B409
	for ; Tue, 18 Jun 2002 21:50:01 -0700 (PDT)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.11.6/8.11.6) id g5J4o1a86665;
	Tue, 18 Jun 2002 21:50:01 -0700 (PDT)
	(envelope-from gnats)
Received: from nwww.freebsd.org (www.FreeBSD.org [216.136.204.117])
	by hub.freebsd.org (Postfix) with ESMTP id EE42D37B40C
	for ; Tue, 18 Jun 2002 21:46:42 -0700 (PDT)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by nwww.freebsd.org (8.12.2/8.12.2) with ESMTP id g5J4kghG077614
	for ; Tue, 18 Jun 2002 21:46:42 -0700 (PDT)
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.12.2/8.12.2/Submit) id g5J4kgIo077613;
	Tue, 18 Jun 2002 21:46:42 -0700 (PDT)
Message-Id: <200206190446.g5J4kgIo077613@www.freebsd.org>
Date: Tue, 18 Jun 2002 21:46:42 -0700 (PDT)
From: Yusuf Goolamabbas
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-1.0
Subject: docs/39495: firewall man page should allow ICMP type 3 messages
Sender: owner-freebsd-doc@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

>Number:         39495
>Category:       docs
>Synopsis:       firewall man page should allow ICMP type 3 messages
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-doc
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jun 18 21:50:01 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator:     Yusuf Goolamabbas
>Release:        4.5-RELEASE
>Organization:
>Environment:
>Description:
firewall(7) has a paragraph about which ICMP packets to allow and what
they do, etc. The rule described there

    add 04000 allow icmp from any to any icmptypes 0,5,8,11,12,13,14

This does not allow ICMP type 3 messages, which will lead to Path MTU
Discovery issues. IMHO, the example rule should be changed to

    add 04000 allow icmp from any to any icmptypes 0,3,8,11,12,13,14

Type 5 = Redirect is fairly dangerous and somebody might just cut/paste
from the firewall manpage.
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
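
Added example (not part of the original problem report and not FreeBSD code): a Python check that scans ipfw rule text for allow-ICMP rules and reports the two conditions raised in the report above, namely type 5 (redirect) being permitted and type 3 (destination unreachable, needed for Path MTU Discovery) never being permitted. The function name and finding labels are hypothetical, and the check assumes a simplified model that ignores rule order and deny rules.

```python
import re

DEST_UNREACH = 3   # carries "fragmentation needed", used by Path MTU Discovery
REDIRECT = 5       # asks the receiving host to change its route

# "allow", "accept", "pass" and "permit" are synonyms in ipfw rule syntax.
RULE_RE = re.compile(
    r"\badd\s+(?:(\d+)\s+)?(?:allow|accept|pass|permit)\s+(?:log\s+)?icmp\b(.*)",
    re.IGNORECASE,
)
TYPES_RE = re.compile(r"\bicmptypes\s+(\d+(?:,\d+)*)", re.IGNORECASE)

# The two rules quoted in the report.
MANPAGE_RULE = "add 04000 allow icmp from any to any icmptypes 0,5,8,11,12,13,14"
PROPOSED_RULE = "add 04000 allow icmp from any to any icmptypes 0,3,8,11,12,13,14"


def audit_icmp_rules(ruleset):
    """Return (line_no, label) findings for the allow-ICMP rules in ruleset.

    Simplification (assumption of this example): rule order and deny rules
    are ignored; only what the allow rules themselves list is examined.
    Line number 0 marks a finding about the ruleset as a whole.
    """
    findings, type3_allowed, saw_rule = [], False, False
    for line_no, raw in enumerate(ruleset.splitlines(), 1):
        rule = RULE_RE.search(raw.split("#", 1)[0])  # drop shell comments
        if not rule:
            continue
        saw_rule = True
        listed = TYPES_RE.search(rule.group(2))
        # A rule with no icmptypes option matches every ICMP type.
        types = set(map(int, listed.group(1).split(","))) if listed else None
        if types is None or REDIRECT in types:
            findings.append((line_no, "allows-redirect"))
        if types is None or DEST_UNREACH in types:
            type3_allowed = True
    if saw_rule and not type3_allowed:
        findings.append((0, "no-dest-unreachable"))
    return findings


if __name__ == "__main__":
    for name, rule in (("man page", MANPAGE_RULE), ("proposed", PROPOSED_RULE)):
        print(name, audit_icmp_rules(rule))
```
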