os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Correct the example that allows internal but blocks external ICMP.

Browse source 
Reviewed by:	Peter N. M. Hansteen <peter@bsdly.net>
This commit is contained in:
Warren Block 2013-06-29 13:19:43 +00:00
parent 09d34c51d5
commit 29f9029798
Notes: svn2git 2020-12-08 03:00:23 +00:00 
svn path=/head/; revision=42084
1 changed files with 2 additions and 2 deletions

4
en_US.ISO8859-1/books/handbook/firewalls/chapter.xml
View file

@ -1086,8 +1086,8 @@ rdr-anchor "ftp-proxy/*"</programlisting>
<acronym>ICMP</acronym> traffic from the local net through <acronym>ICMP</acronym> traffic from the local net through
and stop probes from elsewhere at the gateway:</para> and stop probes from elsewhere at the gateway:</para>
<programlisting>pass inet proto icmp icmp-type $icmp_types from $localnet to any keep state <programlisting>pass inet proto icmp from $localnet to any keep state
pass inet proto icmp icmp-type $icmp_types from any to $ext_if keep state</programlisting> pass inet proto icmp from any to $ext_if keep state</programlisting>
<para>Stopping probes at the gateway might be an attractive <para>Stopping probes at the gateway might be an attractive
option anyway, but let us have a look at a few other option anyway, but let us have a look at a few other