Date: Wed, 31 Oct 2007 00:01:28 +0100
From: Ivan Voras <ivoras@freebsd.org>
To: freebsd-questions@freebsd.org
Subject: Re: ipfw -- why need to let icmp out that I already let in?
Message-ID: <fg8d4b$vak$2@ger.gmane.org>
In-Reply-To: <47255D54.40700@dreamchaser.org>
References: <47255D54.40700@dreamchaser.org>

freebsd@dreamchaser.org wrote:

> add 10510 allow icmp from any to any out via oif() keep-state

I don't think ICMP is stateful :)

You need both in and out rules for ICMP because the logical responses to packets can't be reliably connected into a single communication.
