pass out quick on tun0 keep state pass out quick on xl0 keep state
Crist J. Clark wrote: > On Thu, May 11, 2006 at 03:45:24PM -0300, Scott Walker wrote: >> block in proto icmp all >> pass in quick on fxp0 proto icmp from any to any icmp-type echo >> pass in quick on fxp0 proto icmp from any to any icmp-type echorep >> pass in quick on xl0 proto icmp from any to any icmp-type echo >> pass in quick on xl0 proto icmp from any to any icmp-type echorep >> pass in quick on tun0 proto icmp from any to any icmp-type echo >> pass in quick on tun0 proto icmp from any to any icmp-type echorep >> >> Should the above rules allow me to ping across networks? The FW itself >> can ping all the hosts on both sides, but for example hosts strung off >> the tun0 VPN tunnel can't ping the FW, hosts on xl0 (internal lan) can't >> ping the FW or hosts on the VPN. >> >> Am I missing something? This seems pretty simple to do. > > You allowing them out?
