Hosting Provided By

Re: can pf send icmp protocol unreachables?

From: Daniel Hartmeier <daniel(at)benzedrine.cx>
Date: Tue Nov 26 2002 - 12:01:01 EST

return-icmp is only honoured for blocked UDP and TCP packets. ICMP and other protocols are silently blocked. I don't know where the ICMP port unreachable you're seeing comes from, but it's not from pf (unless the packet blocked was UDP or TCP).

We could add support for return-icmp for ICMP queries/replies (not for ICMP errors, you may never reply with another ICMP error to that) and other protocols, if anything is actually using that. What protocol/application actually reacts to ICMP errors for non-TCP/UDP packets?

Daniel Received on Tue Nov 26 12:10:50 2002

This message: [ Message body ]
Next message: Jesse Trucks: "Re: Syslogd + XML"
Previous message: Henning Brauer: "Re: can pf send icmp protocol unreachables?"
In reply to: Toni Heinonen: "can pf send icmp protocol unreachables?"
Reply: Toni Heinonen: "VS: can pf send icmp protocol unreachables?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:48:27 EDT