diff options
| author | brucec <brucec@FreeBSD.org> | 2011-02-19 14:57:00 +0000 |
|---|---|---|
| committer | brucec <brucec@FreeBSD.org> | 2011-02-19 14:57:00 +0000 |
| commit | f16cfd83169b40cb7f6b0bb6aa3805f482281b9c (patch) | |
| tree | 013be9e2f97c285fc86185548fcc7ace7fecab33 /share | |
| parent | a9f4af7420d3fbea7aad9077d852ec6f3ef4429c (diff) | |
| download | FreeBSD-src-f16cfd83169b40cb7f6b0bb6aa3805f482281b9c.zip FreeBSD-src-f16cfd83169b40cb7f6b0bb6aa3805f482281b9c.tar.gz | |
Update the icmp example to show allowing only the safe types.
Suggested by: Tom Judge <tom at tomjudge.com>
MFC after: 3 days
Diffstat (limited to 'share')
| -rw-r--r-- | share/examples/pf/pf.conf | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/share/examples/pf/pf.conf b/share/examples/pf/pf.conf index ad494c7..299999d 100644 --- a/share/examples/pf/pf.conf +++ b/share/examples/pf/pf.conf @@ -32,4 +32,4 @@ #pass in on $ext_if proto tcp to ($ext_if) port ssh #pass in log on $ext_if proto tcp to ($ext_if) port smtp #pass out log on $ext_if proto tcp from ($ext_if) to port smtp -#pass in on $ext_if proto icmp to ($ext_if) +#pass in on $ext_if inet proto icmp from any to ($ext_if) icmp-type { unreach, redir, timex } |
