Date: Tue, 11 Sep 2007 02:07:45 -0700 From: "Kian Mohageri" <kian.mohageri@gmail.com> To: "jonathan michaels" <jon@caamora.com.au> Cc: freebsd pf <freebsd-pf@freebsd.org> Subject: Re: pf, ping and traceroute Message-ID: <fee88ee40709110207m456e2adbi96a3d3378548495@mail.gmail.com> In-Reply-To: <20070911133959.25090@caamora.com.au> References: <20070911133959.25090@caamora.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
On 9/10/07, jonathan michaels <jon@caamora.com.au> wrote: > > i get that it is part of teh functionality to stop outside stuff > garbage bad people from getting to teh inside but how do i make a > "hole" in teh 'firewall' for ping/traceroute without opening up teh > firewall to let the same (ping/traceroute/etc) stuff come in from teh > outside ???? > PF was developed by OpenBSD, so their documentation is mostly authoritative. Keep in mind the PF found in FreeBSD is slightly different -- it isn't as new, for the most part (much of that changed recently thanks to Max Laier). Anyway, have you read the OpenBSD documentation? http://www.openbsd.org/faq/pf/ Focus on understanding how the directions work (e.g. pass in vs. pass out) and also 'keep state.' Understanding states is critical... have you figured out how those work yet? Are you filtering on a router? Switch? Server? -Kian
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?fee88ee40709110207m456e2adbi96a3d3378548495>