Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 9 Oct 2009 22:09:34 -0400
From:      jhell <jhell@DataIX.net>
To:        freebsd-pf@freebsd.org
Subject:   return-icmp() relative question to ipf rule.
Message-ID:  <alpine.BSF.2.00.0910092153440.7013@qvzrafvba.5c.ybpny>

next in thread | raw e-mail | index | archive | help

I have a rule I used in ipfilter probably around 2 or so years ago and I 
am now getting around to trying to implement in it my pf rules. So far any 
results I have achieved have failed with no response back from the server 
and get dropped.

The rule in ipf syntax:
block return-icmp-as-dest(13) in log first quick proto icmp all icmp-type 
8

The above ipf rule returns a result of "Destination Administratively 
Prohibited" when ping'd

The following pf syntax:
block return-icmp(3,13) in quick inet proto icmp from any to any icmp-type 
8 code 0

The above pf rule returns a result of "Nothing ........" when ping'd

Just to be sure I wasn't mucking up the chain of rules I added this as the 
only rule to test it out and have achieved the same result multiple times 
on a test machine.

Can anyone shed some light on the syntax and help me out with getting this 
rule to make the system respond to a echo request with admin-prohib as 
the destination system ?

Thanks

-- 

  ;; dataix.net!jhell         2048R/89D8547E 2009-09-30
  ;; BSD since FreeBSD 4.2    Linux since Slackware 2.1
  ;; 85EF E26B 07BB 3777 76BE  B12A 9057 8789 89D8 547E




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.00.0910092153440.7013>