Subject: Re: IPF Configuration
To: Richard <richard@sheflug.co.uk>
From: Manuel Bouyer <bouyer@antioche.eu.org>
List: netbsd-help
Date: 11/01/2003 16:43:06

On Thu, Oct 30, 2003 at 11:42:49PM +0000, Richard wrote:
>  Manuel
> 
> >>
> >>#  Loopback policy: Completely open
> >>#
> >>pass in quick on lo0 all
> >>pass out quick on lo0 all
> >>pass in quick on ippp0 proto icmp from any to 192.168.1.0/24 icmp-type 0
> >>pass in quick on ippp0 proto icmp from any to 192.168.1.0/24 icmp-type 11
> >>   
> >>
> >
> >You should probably add type 3 (ICMP_UNREACH) to the list
> >
> 
> Umm...  could you give an example ?

Just
pass in quick on ippp0 proto icmp from any to 192.168.1.0/24 icmp-type 3

ICMP_UNREACH messages are used, among other things, for path MTU discovery. You may
experience trouble talking to some sites if you block these messages.

-- 
Manuel Bouyer <bouyer@antioche.eu.org>
     NetBSD: 24 years of experience will always make the difference
--
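
The path MTU discovery point above, as an added example that is not part of the original message: a Python sketch that builds and parses an ICMP type 3 code 4 ("fragmentation needed") message and checks it against the two sets of passed icmp-type values from the thread. The sample packet bytes, the MTU value 1400, and the assumption that unmatched ICMP on ippp0 is blocked are constructed for illustration.

```python
import struct

ORIGINAL_TYPES = {0, 11}      # icmp-type values passed by the quoted ruleset
SUGGESTED_TYPES = {0, 3, 11}  # with the icmp-type 3 rule from the reply added

# Constructed sample: start of the IP header of the oversized packet
# (total length 1500, DF set) that a router would quote back; rest zeroed.
QUOTED = bytes.fromhex("450005dc000040004006") + bytes(18)


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over the ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_frag_needed(next_hop_mtu: int, quoted: bytes = QUOTED) -> bytes:
    """Build a type 3 code 4 message: type, code, checksum, unused, MTU."""
    body = struct.pack("!BBHHH", 3, 4, 0, 0, next_hop_mtu) + quoted
    return body[:2] + struct.pack("!H", icmp_checksum(body)) + body[4:]


def parse_icmp(msg: bytes) -> dict:
    """Validate the checksum and pull out type, code and next-hop MTU."""
    if len(msg) < 8:
        raise ValueError("truncated ICMP header")
    if icmp_checksum(msg) != 0:
        raise ValueError("bad ICMP checksum")
    icmp_type, code, _csum, _unused, mtu = struct.unpack("!BBHHH", msg[:8])
    frag_needed = icmp_type == 3 and code == 4
    return {"type": icmp_type, "code": code,
            "next_hop_mtu": mtu if frag_needed else None}


def filter_decision(msg: bytes, allowed_types: set) -> str:
    """Assumption: ICMP on ippp0 not matched by a pass rule is blocked."""
    return "pass" if parse_icmp(msg)["type"] in allowed_types else "block"


if __name__ == "__main__":
    msg = build_frag_needed(1400)
    print(parse_icmp(msg))
    print("original rules:", filter_decision(msg, ORIGINAL_TYPES))
    print("with type 3:   ", filter_decision(msg, SUGGESTED_TYPES))
```

With only types 0 and 11 passed, the message carrying the next-hop MTU never reaches the sending host, so it keeps sending packets that are too large for the path.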