Subject: Re: ICMP acting weird in ipf 4.1.3? (netbsd-2.0_RC1)
To: Rich Neswold <rich.neswold@gmail.com>
From: Pavel Cahyna <pcah8322@artax.karlin.mff.cuni.cz>
List: current-users
Date: 10/01/2004 17:00:41
> On Thu, 30 Sep 2004 22:49:52 +0200, Pavel Cahyna
> <pavel.cahyna@st.cuni.cz> wrote:
> > IMHO earlier versions of IPF were correct. If the default is to pass and
> > there are no block ... rules, packets should not be blocked. I would not
> > expect rules starting with "pass" to block anything. If the echo reply is
> > accepted by keep state rule is irrelevant, because even if it is not
> > accepted, this is not a reason to block it, as there are no "block" rules.
> > Do you agree?
>
> I agree that if the default was to pass, then another "pass" rule
> shouldn't block it. None of the messages in this thread indicated the
> default was to pass, so I didn't take that into consideration.
I don't know if in the cases mentioned in this thread, but it was true in
my case. See the PR.
Bye Pavel