Date: Wed, 4 Dec 2013 17:34:02 +0400
From: Gleb Smirnoff <glebius@FreeBSD.org>
To: Ian FREISLICH <ianf@clue.co.za>
Cc: bapt@FreeBSD.org, freebsd-pf@freebsd.org
Subject: Re: icmp-type echoreq not matching resulting ttl exceeded
Message-ID: <20131204133402.GL48919@FreeBSD.org>
In-Reply-To: <E1VmNBM-00019a-4U@clue.co.za>
References: <E1VmNBM-00019a-4U@clue.co.za>

Ian,

On Fri, Nov 29, 2013 at 02:28:27PM +0200, Ian FREISLICH wrote:
I> At some point this stopped working. I was able to use traceroute -I
I> This rule let the echo request out and the resulting TTL exceeded
I> was matched and allowed back in.
I>
I> pass out inet proto icmp from <ournets> to any icmp-type echoreq
I>
I> I've had to change the rule to the following to keep traceroute going:
I>
I> pass out inet proto icmp from <ournets> to any

This is probably related to r257223. Baptiste, any ideas?

Ian, is it possible to reproduce this on a single host? What pf.conf
and traceroute command are required?

--
Totus tuus, Glebius.