From owner-freebsd-pf@FreeBSD.ORG Tue Sep 11 03:39:42 2007 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 41F9C16A417 for ; Tue, 11 Sep 2007 03:39:42 +0000 (UTC) (envelope-from jon@seaholm.caamora.com.au) Received: from seaholm.caamora.com.au (seaholm.caamora.com.au [203.7.226.5]) by mx1.freebsd.org (Postfix) with ESMTP id E817613C458 for ; Tue, 11 Sep 2007 03:39:40 +0000 (UTC) (envelope-from jon@seaholm.caamora.com.au) Received: (from jon@localhost) by seaholm.caamora.com.au (8.11.1/8.11.1) id l8B3dxZ17110; Tue, 11 Sep 2007 13:39:59 +1000 (EST) Message-ID: <20070911133959.25090@caamora.com.au> Date: Tue, 11 Sep 2007 13:39:59 +1000 From: jonathan michaels To: freebsd pf Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.84e Organisation: Caamora, PO Box 144, Rosebery NSW 1445 Australia Subject: pf, ping and traceroute X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Sep 2007 03:39:42 -0000 greetings all, i am new to pf and freebsd (v6.2-R), while i have been using freebsd for about ten years .. i stoped at about v2.2.5 (or 7) it worked for me and on a 386dx33 with 8 mb dram it was perfect. now i am slowly coming to terms with freebsd v6.2, i did it in one step, from v2 to v6 it is a big cultural shift. my question is to do with pf and the using of things like ping and traceroute, using pf (any sort of a generic 'firewall' device/application/whatever) seems to preclude or severly limit my ability to do/use tools like ping/traceroute to test/check/verify whatever the usual admin functionality. i've read (and rearead, and rerea..) the documentation to me (with my learning difficulties) it is hard very hard to understand. i get that it is part of teh functionality to stop outside stuff garbage bad people from getting to teh inside but how do i make a "hole" in teh 'firewall' for ping/traceroute without opening up teh firewall to let the same (ping/traceroute/etc) stuff come in from teh outside ???? apologies for my poor writing. kind regards appreciations and thanks jonathan -- ================================================================ powered by .. QNX, OS9 and freeBSD -- http://caamora com au/operating system ==== === appropriate solution in an inappropriate world === ====