NetBSD-Bugs archive


Re: kern/38390

The following reply was made to PR kern/38390; it has been noted by GNATS.

From: Darren Reed <>
Subject: Re: kern/38390
Date: Mon, 02 Jun 2008 04:18:36 -0700

 If the firewall generates an ICMP packet in response to a TCP packet that is part of a "keep state" session, then it should be automatically letting it through, without the need for any special "proto icmp .. keep state" rules.
 With regard to Wolfgang's comment, checking ICMP errors to match an existing state should happen before the "proto icmp" rule is checked...
 Is NAT also active here or not?
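
The ordering described in the message above, sketched as an added example (not part of the original message and not IPFilter code): an ICMP error is first matched against the state table using the TCP header it quotes, and the explicit "proto icmp" rule is consulted only on a miss. All names, addresses and the state-table layout are constructed assumptions, as is matching the quoted flow in either direction.

```python
import socket
import struct

ICMP_ERROR_TYPES = {3, 4, 5, 11, 12}  # unreachable, quench, redirect, time exceeded, param problem

def ipv4(src, dst, proto, payload):
    """Build a minimal IPv4 packet (checksum left at 0; constructed test data only)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def quoted_flow(pkt):
    """Return (src, sport, dst, dport) of the TCP packet quoted by an ICMP error, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 1:
        return None
    icmp = pkt[(pkt[0] & 0x0F) * 4:]
    if len(icmp) < 8 or icmp[0] not in ICMP_ERROR_TYPES:
        return None
    inner = icmp[8:]  # quoted original IP header plus the first bytes of its payload
    if len(inner) < 20 or inner[0] >> 4 != 4 or inner[9] != 6:
        return None
    ihl = (inner[0] & 0x0F) * 4
    if ihl < 20 or len(inner) < ihl + 4:
        return None  # truncated quote: the ports are not available
    sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
    return (socket.inet_ntoa(inner[12:16]), sport, socket.inet_ntoa(inner[16:20]), dport)

def filter_packet(pkt, states, icmp_rule_passes=False):
    """State lookup first; the explicit 'proto icmp' rule is consulted only on a miss."""
    flow = quoted_flow(pkt)
    if flow is not None:
        reverse = (flow[2], flow[3], flow[0], flow[1])
        if flow in states or reverse in states:
            return "pass (state)"
    return "pass (rule)" if icmp_rule_passes else "block (rule)"

# Constructed sample data: one "keep state" TCP session and two ICMP errors.
STATES = {("10.0.0.5", 40000, "192.0.2.10", 80)}

def tcp8(sport, dport):
    """First 8 bytes of a TCP header: ports and sequence number."""
    return struct.pack("!HHI", sport, dport, 1000)

def icmp_error(quoted):
    """ICMP type 3 error sent by the firewall (10.0.0.1) to the client, quoting `quoted`."""
    return ipv4("10.0.0.1", "10.0.0.5", 1, struct.pack("!BBHI", 3, 13, 0, 0) + quoted)

IN_STATE = icmp_error(ipv4("10.0.0.5", "192.0.2.10", 6, tcp8(40000, 80)))
NO_STATE = icmp_error(ipv4("10.0.0.9", "192.0.2.10", 6, tcp8(5555, 80)))
```
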
