From: "Ian FREISLICH"
To: freebsd-pf@freebsd.org
Subject: icmp-type echoreq not matching resulting ttl exceeded
Date: Fri, 29 Nov 2013 14:28:27 +0200
List-Id: "Technical discussion and general questions about packet filter \(pf\)"

Hi

At some point this stopped working. I was able to use traceroute -I

This rule let the echo request out and the resulting TTL exceeded was matched and allowed back in.

    pass out inet proto icmp from to any icmp-type echoreq

I've had to change the rule to the following to keep traceroute going:

    pass out inet proto icmp from to any

Ian

--
Ian Freislich
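
An added example, not part of the original message and not pf's code: a simplified Python model of how a stateful filter can tie an inbound ICMP time-exceeded error to the state created by an outbound echo request, by inspecting the packet quoted inside the error. The state key layout, function names and sample addresses are assumptions made for illustration.

```python
import struct

ICMP_ECHO, ICMP_TIMXCEED = 8, 11

def ip_header(src, dst, ttl=64):
    """20-byte IPv4 header carrying ICMP (lengths and checksum left at 0)."""
    addr = lambda a: bytes(map(int, a.split(".")))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 0, 0, 0, ttl, 1, 0, addr(src), addr(dst))

def icmp(icmp_type, rest):
    """ICMP message: type, code 0, checksum 0, then the rest of the message."""
    return struct.pack("!BBH", icmp_type, 0, 0) + rest

def parse_ip(pkt):
    """Return (src, dst, protocol, layer-4 bytes) of an IPv4 packet."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ihl = (pkt[0] & 0x0F) * 4
    dotted = lambda b: ".".join(map(str, b))
    return dotted(pkt[12:16]), dotted(pkt[16:20]), pkt[9], pkt[ihl:]

def echo_state_key(pkt):
    """Assumed state key for an ICMP echo request: (src, dst, ICMP identifier)."""
    src, dst, proto, l4 = parse_ip(pkt)
    if proto != 1 or len(l4) < 8 or l4[0] != ICMP_ECHO:
        raise ValueError("not an ICMP echo request")
    return src, dst, struct.unpack("!H", l4[4:6])[0]

def error_matches_state(pkt, states):
    """True if an inbound time-exceeded error quotes an echo request we hold state for."""
    try:
        _, _, proto, l4 = parse_ip(pkt)
        if proto != 1 or len(l4) < 8 or l4[0] != ICMP_TIMXCEED:
            return False
        # 8-byte error header, then the quoted original IP header + first 8 bytes.
        return echo_state_key(l4[8:]) in states
    except ValueError:
        return False

# Constructed sample traffic (RFC 5737 documentation addresses).
ECHO = ip_header("192.0.2.10", "198.51.100.7", ttl=1) + icmp(ICMP_ECHO, struct.pack("!HH", 0x1234, 1))
STATES = {echo_state_key(ECHO)}  # state created when the outbound rule passes ECHO
TIMEX = ip_header("203.0.113.1", "192.0.2.10") + icmp(ICMP_TIMXCEED, bytes(4) + ECHO[:28])
OTHER = ip_header("192.0.2.10", "198.51.100.7") + icmp(ICMP_ECHO, struct.pack("!HH", 0x9999, 1))
UNRELATED = ip_header("203.0.113.1", "192.0.2.10") + icmp(ICMP_TIMXCEED, bytes(4) + OTHER[:28])

if __name__ == "__main__":
    print(error_matches_state(TIMEX, STATES), error_matches_state(UNRELATED, STATES))
```

In this model the error from the intermediate router is accepted only because the quoted echo request matches existing state; an error quoting a different identifier, or one truncated before the quoted ICMP header, is not matched.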