From: Remko Lodder
To: jhell
Cc: freebsd-pf@freebsd.org
Date: Mon, 26 Oct 2009 14:18:02 +0100
Subject: Re: return-icmp() relative question to ipf rule.

On Oct 10, 2009, at 4:09 AM, jhell wrote:

>
> I have a rule I used in ipfilter probably around 2 or so years ago
> and I am now getting around to trying to implement it in my pf
> rules. So far any results I have achieved have failed with no
> response back from the server and get dropped.
>
> The rule in ipf syntax:
>   block return-icmp-as-dest(13) in log first quick proto icmp all icmp-type 8
>
> The above ipf rule returns a result of "Destination Administratively
> Prohibited" when ping'd
>
> The following pf syntax:
>   block return-icmp(3,13) in quick inet proto icmp from any to any icmp-type 8 code 0
>
> The above pf rule returns a result of "Nothing ........" when ping'd
>
> Just to be sure I wasn't mucking up the chain of rules I added this
> as the only rule to test it out and have achieved the same result
> multiple times on a test machine.
>
> Can anyone shed some light on the syntax and help me out with
> getting this rule to make the system respond to an echo request with
> admin-prohib as the destination system ?
>
> Thanks
>

*click* (the light is on)

     Options returning ICMP packets currently have no effect if pf(4)
     operates on a if_bridge(4), as the code to support this feature
     has not yet been implemented.

from the Manual page. I think that answers the question?

-- 
/"\   Best regards,                      | remko@FreeBSD.org
\ /   Remko Lodder                       | remko@EFnet
 X    http://www.evilcoder.org/          |
/ \   ASCII Ribbon Campaign              | Against HTML Mail and News