Date: Mon, 26 Oct 2009 14:18:02 +0100
From: Remko Lodder <remko@elvandar.org>
To: jhell <jhell@DataIX.net>
Cc: freebsd-pf@freebsd.org
Subject: Re: return-icmp() relative question to ipf rule.
Message-ID: <FDD45DEB-DF44-43BF-B619-85B9118B4AF4@elvandar.org>
In-Reply-To: <alpine.BSF.2.00.0910092153440.7013@qvzrafvba.5c.ybpny>
References: <alpine.BSF.2.00.0910092153440.7013@qvzrafvba.5c.ybpny>

On Oct 10, 2009, at 4:09 AM, jhell wrote:
>
> I have a rule I used in ipfilter probably around 2 or so years ago
> and I am now getting around to trying to implement it in my pf
> rules. So far any results I have achieved have failed with no
> response back from the server and get dropped.
>
> The rule in ipf syntax:
> block return-icmp-as-dest(13) in log first quick proto icmp all icmp-type 8
>
> The above ipf rule returns a result of "Destination Administratively
> Prohibited" when ping'd
>
> The following pf syntax:
> block return-icmp(3,13) in quick inet proto icmp from any to any icmp-type 8 code 0
>
> The above pf rule returns a result of "Nothing ........" when ping'd
>
> Just to be sure I wasn't mucking up the chain of rules I added this
> as the only rule to test it out and have achieved the same result
> multiple times on a test machine.
>
> Can anyone shed some light on the syntax and help me out with
> getting this rule to make the system respond to an echo request with
> admin-prohib as the destination system?
>
> Thanks
>
*click* (the light is on)

    Options returning ICMP packets currently have no effect if pf(4)
    operates on a if_bridge(4), as the code to support this feature has
    not yet been implemented.

from the Manual page. I think that answers the question?

--
/"\ Best regards, | remko@FreeBSD.org
\ / Remko Lodder | remko@EFnet
X http://www.evilcoder.org/ |
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
