From owner-freebsd-hackers  Tue Jun  9 06:04:59 1998
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id GAA14077
          for freebsd-hackers-outgoing; Tue, 9 Jun 1998 06:04:59 -0700 (PDT)
          (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from echonyc.com (echonyc.com [198.67.15.2])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id GAA14065
          for <hackers@freebsd.org>; Tue, 9 Jun 1998 06:04:54 -0700 (PDT)
          (envelope-from benedict@echonyc.com)
Received: from localhost (benedict@localhost)
	by echonyc.com (8.8.7/8.8.7) with SMTP id JAA11782;
	Tue, 9 Jun 1998 09:01:08 -0400 (EDT)
Date: Tue, 9 Jun 1998 09:01:08 -0400 (EDT)
From: Snob Art Genre <benedict@echonyc.com>
Reply-To: ben@rosengart.com
To: Tom Torrance <freebsd@tomqnx.com>
cc: hackers@FreeBSD.ORG
Subject: Re: IPFW problem?
In-Reply-To: <m0yjJW2-00087JC@TomQNX.tomqnx.com>
Message-ID: <Pine.GSO.3.96.980609085936.10243C-100000@echonyc.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Tue, 9 Jun 1998, Tom Torrance wrote:

> The sample file to the contrary, it appears that ipfw will not
> allow the "established" keyword for the "allow icmp" case.
> 
> Is this a misunderstanding on my part or a genuine fault"?

'Established' matches on the ACK bit to make sure a packet is part of an
established connection, right?  It's a misunderstanding: ICMP is
connectionless.
 
> Is there another way to allow ICMP only as part of the TCP protocol?

I'm not sure I understand this.  ICMP is logically at the same level as
TCP, it goes over IP.


 Ben

"You have your mind on computers, it seems." 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message