From: Charles Lacroix
To: freebsd-pf@freebsd.org
Date: Mon, 14 Aug 2006 09:56:14 -0400
Subject: Re: ICMP traffic

On Monday 14 August 2006 09:42, Cristiano Deana wrote:
> 2006/8/14, Charles Lacroix :
> > i was wondering which icmp type packets people accepted on their
> > production servers.
>
> did you read firewall(7) ?

I just checked it and it's talking about ipfw, I searched the man page for
icmp rules and found this little block. Thanks for the hint.

# It is important to allow certain ICMP types through, here is a list
# of general ICMP types. Note that it is important to let ICMP type 3
# through.
#
#       0       Echo Reply
#       3       Destination Unreachable (used by TCP MTU discovery, aka
#                                       packet-too-big)
#       4       Source Quench (typically not allowed)
#       5       Redirect (typically not allowed - can be dangerous!)
#       8       Echo
#       11      Time Exceeded
#       12      Parameter Problem
#       13      Timestamp
#       14      Timestamp Reply
#
# Sometimes people need to allow ICMP REDIRECT packets, which is
# type 5, but if you allow it make sure that your Internet router
# disallows it.

-- 
Charles Lacroix, Administrateur UNIX.
Service des télécommunications et des technologies
Cégep de Sainte-Foy (418) 659-6600 # 4266
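
A pf.conf fragment that applies the quoted ipfw-oriented guidance in pf terms, added here as an example and not part of the original message or of firewall(7). The interface name em0, the macro names, SSH as the only offered service, and the choice to leave timestamp types 13 and 14 blocked are assumptions.

```conf
# Added example, not from the original message. Assumptions: external
# interface em0, the macro names, and SSH as the only offered service.
ext_if     = "em0"
icmp_query = "{ echoreq }"      # type 8; the type 0 reply returns via the state

# Default deny. Types 4 (squench), 5 (redir), 13 (timereq) and 14 (timerep)
# are never passed below, so they end here and are logged.
block in  log on $ext_if all
block out log on $ext_if all

# Stateful rules. pf matches ICMP error messages (type 3 including
# packet-too-big, type 11, type 12) that refer to one of these states to
# that state, so the errors need no pass rule of their own.
pass out on $ext_if inet proto { tcp, udp } all keep state
pass in  on $ext_if inet proto tcp to ($ext_if) port ssh flags S/SA keep state

# ICMP queries are the only types that need explicit rules.
pass in  on $ext_if inet proto icmp all icmp-type $icmp_query keep state
pass out on $ext_if inet proto icmp all icmp-type $icmp_query keep state
```

`pfctl -nf /etc/pf.conf` parses the ruleset without loading it, which catches syntax errors before the rules go live.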