Date: Sun, 28 Oct 2001 20:20:12 -0500 From: "Michael Scheidell" <scheidell@fdma.com> To: <freebsd-security@freebsd.org> Subject: can I use keep-state for icmp rules? Message-ID: <009c01c16017$dca045d0$0603a8c0@MIKELT>
next in thread | raw e-mail | index | archive | help
In trying to allow return icmp packes (i sent out a echo, icmp type 8, want to allow the echo reply, 0) or others, can I use keep-state for that rule? thus: allow icmp from $oip to any keep-state out xmit $oif (yes, it takes it, doesn't reject it, looks like it puts rules in the ipfw -al) question, does it REALLY check? like tcp, thewre is the syn/ack/fin handshake, will it only allow return icmp for outgoing? does it know to allow a echo (0) for an outgoing 8? (ping?) Michael Scheidell To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?009c01c16017$dca045d0$0603a8c0>