Date: Tue, 14 Dec 2004 10:50:25 GMT
Message-Id: <200412141050.iBEAoP2J085848@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: Daniel Hartmeier
Subject: Re: kern/75036: pf / icmp 64 / operation wrongully not permitted?

The following reply was made to PR kern/75036; it has been noted by GNATS.

From: Daniel Hartmeier
To: Arne Wörner
Cc: freebsd-gnats-submit@freebsd.org
Subject: Re: kern/75036: pf / icmp 64 / operation wrongully not permitted?
Date: Tue, 14 Dec 2004 11:47:16 +0100

On Mon, Dec 13, 2004 at 11:37:06PM +0000, Arne Wörner wrote:
> >Number: 75036
> >Synopsis: pf / icmp 64 / operation wrongully not permitted?

> I just tried to do
> ping -R localhost
> With pf enabled: The ping command says that the operation is not permitted.

Record route (-R) is an IP option.
By default, pf blocks all packets with IP options, unless the last-matching
rule contains the 'allow-opts' keyword. Here's the relevant section from
pf.conf(5)

     allow-opts
           By default, packets which contain IP options are blocked. When
           allow-opts is specified for a pass rule, packets that pass the
           filter based on that rule (last matching) do so even if they
           contain IP options. For packets that match state, the rule that
           initially created the state is used. The implicit pass rule
           that is used when a packet does not match any rules does not
           allow IP options.

> pass in quick on lo0 all
> pass out quick on lo0 all

Try

  pass in quick on lo0 all allow-opts
  pass out quick on lo0 all allow-opts

Daniel
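
The following is an added example, not part of the original message and not pf's own code: a simplified Python model of the last-matching-rule and allow-opts behaviour described in the pf.conf(5) excerpt, run against the two rulesets from this thread. The names `parse_rule`, `verdict`, `REPORTED`, `SUGGESTED` and `SHADOWED` are hypothetical, state tracking is ignored, and only the rule shape `pass|block in|out [quick] on <if> all [allow-opts]` is handled.

```python
# Simplified model of pf's IP-options handling (assumption: not pf's real parser).
from collections import namedtuple

Rule = namedtuple("Rule", "action direction quick ifname allow_opts")

def parse_rule(line):
    tok = line.split()
    if len(tok) < 5 or tok[0] not in ("pass", "block") or tok[1] not in ("in", "out"):
        raise ValueError("unsupported rule: %r" % line)
    rest = tok[2:]
    quick = rest[0] == "quick"
    if quick:
        rest = rest[1:]
    if len(rest) < 3 or rest[0] != "on" or rest[2] != "all":
        raise ValueError("unsupported rule: %r" % line)
    if rest[3:] not in ([], ["allow-opts"]):
        raise ValueError("unsupported rule: %r" % line)
    return Rule(tok[0], tok[1], quick, rest[1], rest[3:] == ["allow-opts"])

def verdict(ruleset, direction, ifname, has_ip_options):
    """Return 'pass' or 'block' for one stateless packet."""
    last = None
    for line in ruleset.strip().splitlines():
        rule = parse_rule(line)
        if rule.direction == direction and rule.ifname == ifname:
            last = rule          # later matches override earlier ones
            if rule.quick:       # 'quick' ends evaluation at this rule
                break
    if last is None:
        # Implicit pass rule: passes the packet, but never with IP options.
        return "block" if has_ip_options else "pass"
    if last.action == "block":
        return "block"
    # A pass rule lets IP options through only if it carries allow-opts.
    return "pass" if (last.allow_opts or not has_ip_options) else "block"

# Rulesets as quoted in the thread.
REPORTED = "pass in quick on lo0 all\npass out quick on lo0 all"
SUGGESTED = ("pass in quick on lo0 all allow-opts\n"
             "pass out quick on lo0 all allow-opts")
# Constructed case: allow-opts on an earlier rule is lost to the last match.
SHADOWED = "pass in on lo0 all allow-opts\npass in on lo0 all"

if __name__ == "__main__":
    for name, rs in (("reported", REPORTED), ("suggested", SUGGESTED)):
        # ping -R sets the record-route IP option on the outgoing packet.
        print(name, "ping -R out on lo0:", verdict(rs, "out", "lo0", True))
    print("shadowed, options in on lo0:", verdict(SHADOWED, "in", "lo0", True))
```

The constructed `SHADOWED` ruleset shows why the keyword has to be on the last matching rule, not merely somewhere in the ruleset.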