From owner-freebsd-security Wed Jun 7 7:52:47 2000
Delivered-To: freebsd-security@freebsd.org
Received: from ns1.via-net-works.net.ar (ns1.via-net-works.net.ar [200.10.100.10])
	by hub.freebsd.org (Postfix) with ESMTP id E753937B8A5
	for ; Wed, 7 Jun 2000 07:52:39 -0700 (PDT)
	(envelope-from fpscha@ns1.via-net-works.net.ar)
Received: (from fpscha@localhost)
	by ns1.via-net-works.net.ar (8.9.3/8.9.3) id LAA16205
	for freebsd-security@freebsd.org; Wed, 7 Jun 2000 11:52:36 -0300 (GMT)
From: Fernando Schapachnik
Message-Id: <200006071452.LAA16205@ns1.via-net-works.net.ar>
Subject: IPFilter question
To: freebsd-security@freebsd.org
Date: Wed, 7 Jun 2000 11:52:34 -0300 (GMT)
Reply-To: Fernando Schapachnik
X-Mailer: ELM [version 2.4ME+ PL40 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi:

I've read the ipf-howto whose URL was published in the list a few
months ago and used it to construct a FW. Everything was fine except for:

Using keep state with icmp doesn't allow traceroutes. The solution I
found was to let icmp types 0 and 11 in. Is this supposed to work this
way, or did I misconfigure something? Shouldn't `keep state' be enough to
let traceroute work?

In one of the last chapters of the howto I found a very interesting
section on how to build an `invisible' FW using IPFilter and bridging.
The document stated it could be done with OpenBSD. Does anybody know
if this can be done with FreeBSD?

Thanks and kind regards!

Fernando P. Schapachnik
Network Administration
VIA NET.WORKS ARGENTINA S.A.
fernando@via-net-works.net.ar
(54-11) 4323-3333