Date: Tue, 22 Feb 2011 17:43:09 +0000 (UTC) From: Bruce Cran <brucec@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org Subject: svn commit: r218955 - stable/8/share/examples/pf Message-ID: <201102221743.p1MHh9Ut016400@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: brucec Date: Tue Feb 22 17:43:09 2011 New Revision: 218955 URL: http://svn.freebsd.org/changeset/base/218955 Log: MFC r218854: Update the icmp example to show allowing only the safe types. Suggested by: Tom Judge <tom at tomjudge.com> Modified: stable/8/share/examples/pf/pf.conf Directory Properties: stable/8/share/examples/ (props changed) stable/8/share/examples/etc/ (props changed) stable/8/share/examples/kld/syscall/ (props changed) Modified: stable/8/share/examples/pf/pf.conf ============================================================================== --- stable/8/share/examples/pf/pf.conf Tue Feb 22 17:40:18 2011 (r218954) +++ stable/8/share/examples/pf/pf.conf Tue Feb 22 17:43:09 2011 (r218955) @@ -32,4 +32,4 @@ #pass in on $ext_if proto tcp to ($ext_if) port ssh #pass in log on $ext_if proto tcp to ($ext_if) port smtp #pass out log on $ext_if proto tcp from ($ext_if) to port smtp -#pass in on $ext_if proto icmp to ($ext_if) +#pass in on $ext_if inet proto icmp from any to ($ext_if) icmp-type { unreach, redir, timex }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201102221743.p1MHh9Ut016400>