Correct the example that allows internal but blocks external ICMP.
Reviewed by: Peter N. M. Hansteen <peter@bsdly.net>
This commit is contained in:
Warren Block
parent
09d34c51d5
commit
29f9029798
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=42084
1 changed files with 2 additions and 2 deletions
|
|
@ -1086,8 +1086,8 @@ rdr-anchor "ftp-proxy/*"</programlisting>
|
|||
<acronym>ICMP</acronym> traffic from the local net through
|
||||
and stop probes from elsewhere at the gateway:</para>
|
||||
|
||||
<programlisting>pass inet proto icmp icmp-type $icmp_types from $localnet to any keep state
|
||||
pass inet proto icmp icmp-type $icmp_types from any to $ext_if keep state</programlisting>
|
||||
<programlisting>pass inet proto icmp from $localnet to any keep state
|
||||
pass inet proto icmp from any to $ext_if keep state</programlisting>
|
||||
|
||||
<para>Stopping probes at the gateway might be an attractive
|
||||
option anyway, but let us have a look at a few other
|
||||
|
|
|
|||
Loading…
Reference in a new issue