Date: Sun, 14 Oct 2001 15:57:11 -0700 From: "Crist J. Clark" <cristjc@earthlink.net> To: Arjan de Vet <devet@devet.org> Cc: stable@FreeBSD.ORG Subject: Re: IPFW or IPFILTER? Message-ID: <20011014155711.C309@blossom.cjclark.org> In-Reply-To: <20011014180756.A17546@adv.devet.org>; from devet@devet.org on Sun, Oct 14, 2001 at 06:07:56PM %2B0200 References: <Pine.GSO.4.21.0110121216390.27495-100000@sun10pg2.wam.umd.edu> <20011012185458.K69352-100000@darkwing.turbo.net> <20011012184741.D6274@blossom.cjclark.org> <20011014180756.A17546@adv.devet.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Oct 14, 2001 at 06:07:56PM +0200, Arjan de Vet wrote:
[snip]
> IIRC ipfilter does not allow '_any_ ICMP' in such a case: if you send an
> 'ICMP echo' with keep-state then only 'ICMP echo reply' packets will be
> allowed to pass through.
Or ICMP errors associated with the outgoing ping packet, just like the
UDP case you explained.
True, that's how IPFilter works. I was explaining how ipfw(8) does
it.
--
Crist J. Clark | cjclark@alum.mit.edu
| cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011014155711.C309>