Re: docs/101114: icmptype names not in icmp(4) manpage
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig3FBD0D82BF65546A25D3553F
Content-Type: text/plain; charset=ISO-8859-15
Content-Transfer-Encoding: quoted-printable
John Archambeau wrote:
> To create a pf.conf file (see man pf.conf) properly for filtering of
> icmp, you must specify the icmptype(s) by abbreviation per the OpenBSD
> icmp(4) manpage you wish to filter. It's not like ipfw where you can
> specify the icmptype by number, it must be the type by the
> abbreviation as specified as by the OpenBSD manpage for icmptypes.
Are you sure about that?
happy-idiot-talk:/etc:% uname -a
FreeBSD happy-idiot-talk.infracaninophile.co.uk 6.1-STABLE FreeBSD 6.1-ST=
ABLE #6: Mon Aug 28 14:01:08 BST 2006 root@happy-idiot-talk.infracani=
nophile.co.uk:/usr/obj/usr/src/sys/HAPPY-IDIOT-TALK i386
happy-idiot-talk:/etc:% cat pf.conf=20
icmp_types=3D"{ 0 3 8 11 }"
scrub in
pass all
pass inet proto icmp all icmp-type $icmp_types keep state
happy-idiot-talk:/etc:% sudo pfctl -f pf.conf
happy-idiot-talk:/etc:% sudo pfctl -sr
scrub in all fragment reassemble
pass all
pass inet proto icmp all icmp-type echorep keep state
pass inet proto icmp all icmp-type unreach keep state
pass inet proto icmp all icmp-type echoreq keep state
pass inet proto icmp all icmp-type timex keep state
Cheers,
Matthew
--=20
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
Kent, CT11 9PW
--------------enig3FBD0D82BF65546A25D3553F
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFE/mBu8Mjk52CukIwRCGuBAJ9VfRl0OxOnZgEeOmyLXRb85Sb9yQCeNPnd
+gIu5deAZ+SjZ3wLo/h/mhM=
=DGkP
-----END PGP SIGNATURE-----
--------------enig3FBD0D82BF65546A25D3553F--
討論串 (同標題文章)
完整討論串 (本文為第 5 之 8 篇):