Ian, On Fri, Nov 29, 2013 at 02:28:27PM +0200, Ian FREISLICH wrote: I> At some point this stopped working. I was able to use traceroute -I I> This rule let the echo request out and the resulting TTL exceeded I> was matched and allowed back in. I> I> pass out inet proto icmp from <ournets> to any icmp-type echoreq I> I> I've had to change the rule to the following to keep traceroute going: I> I> pass out inet proto icmp from <ournets> to any
This is probably related to r257223. Baptiste, any ideas? Ian, is it possible to reproduce this on a single host? What pf.conf and traceroute command are required? -- Totus tuus, Glebius. _______________________________________________ freebsd-pf@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
