Date: Wed, 31 Oct 2007 00:01:28 +0100 From: Ivan Voras <ivoras@freebsd.org> To: freebsd-questions@freebsd.org Subject: Re: ipfw -- why need to let icmp out that I already let in? Message-ID: <fg8d4b$vak$2@ger.gmane.org> In-Reply-To: <47255D54.40700@dreamchaser.org> References: <47255D54.40700@dreamchaser.org>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enigD6A14734043A51D232DE2172 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable freebsd@dreamchaser.org wrote: > add 10510 allow icmp from any to any out via oif() keep-state I don't think ICMP is stateful :) You need both in and out rules for ICMP because the logical responses to packets can't be reliably connected into a single communication. --------------enigD6A14734043A51D232DE2172 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHJ7fIldnAQVacBcgRApxpAJ9jLVi4uiwUXS12ierf3QAuLsyY6gCgxxTi 4CgR8ZBqGe7BuuEY+Y5YGtk= =PUht -----END PGP SIGNATURE----- --------------enigD6A14734043A51D232DE2172--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?fg8d4b$vak$2>