Date: Sun, 14 Oct 2001 15:57:11 -0700
From: "Crist J. Clark"
To: Arjan de Vet
Cc: stable@FreeBSD.ORG
Subject: Re: IPFW or IPFILTER?
Message-ID: <20011014155711.C309@blossom.cjclark.org>
Reply-To: cjclark@alum.mit.edu
In-Reply-To: <20011014180756.A17546@adv.devet.org>; from devet@devet.org on Sun, Oct 14, 2001 at 06:07:56PM +0200

On Sun, Oct 14, 2001 at 06:07:56PM +0200, Arjan de Vet wrote:
[snip]
> IIRC ipfilter does not allow '_any_ ICMP' in such a case: if you send an
> 'ICMP echo' with keep-state then only 'ICMP echo reply' packets will be
> allowed to pass through. Or ICMP errors associated with the outgoing
> ping packet, just like the UDP case you explained.

True, that's how IPFilter works. I was explaining how ipfw(8) does it.

-- 
Crist J. Clark                     |  cjclark@alum.mit.edu
                                   |  cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |  cjc@freebsd.org