[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
The following reply was made to PR kern/38390; it has been noted by GNATS.
From: Darren Reed <darrenr%netbsd.org@localhost>
To: cube%cubidou.net@localhost, gnats-bugs%gnats.NetBSD.org@localhost
Subject: Re: kern/38390
Date: Mon, 02 Jun 2008 04:18:36 -0700
If the firewall generates an ICMP packet in response to a TCP packet
that is part of
a "keep state" session, then it should be automatically letting it
through, without the need
for any special "proto icmp .. keep state" rules.
With regard to Wolfgang's comment, checking ICMP errors to match an existing
state should happen before the "proto icmp" rule is checked...
Is NAT also active here or not?
Main Index |
Thread Index |