Date: Wed, 7 Jun 2000 11:52:34 -0300 (GMT) From: Fernando Schapachnik <fpscha@ns1.via-net-works.net.ar> To: freebsd-security@freebsd.org Subject: IPFilter question Message-ID: <200006071452.LAA16205@ns1.via-net-works.net.ar>
next in thread | raw e-mail | index | archive | help
Hi: I've read the ipf-howto whose URL was published in the list a few month ago and used it to construt a FW. Everything was fine except for: Using keep state with icmp doesn't allow traceroutes. The solution I found was to let icmp types 0 and 11 in. Is this supposed to work this way or I misconfigured something? Shouldn't `keep state' be enough to let traceroute work? On one of the last chapters of the howto I found a very interesting section on how to build and `invisible' FW using IPFilter and bridging. The document stated it could be done with OpenBSD. Does any body know if this can be done with FreeBSD? Thanks and kind regards! Fernando P. Schapachnik Administración de la red VIA NET.WORKS ARGENTINA S.A. fernando@via-net-works.net.ar (54-11) 4323-3333 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200006071452.LAA16205>