Re: pf + ping record route breakage



On Wed, Nov 20, 2002 at 04:25:49PM -0800, Michael Coulter wrote:
> I am curious as to how to allow a pf-enabled machine to use ping's
> record route option. I have tried this on an assortment of machines
> and the result is that as soon as pf is enabled ping -R will return
> a no route to host message. Further investigation with pflogd and
> tcpdump seems to indicate the icmp packets are being blocked on the
> way out. However I have a pass in all/pass out all ruleset.

Packets with IP options (such as RECORD_ROUTE) are blocked by pf by
default. You can allow them with the 'allow-opts' option, see
pf.conf(5).

Daniel
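
An added example, not part of either message in this thread: a pf.conf fragment applying the reply's advice to the ruleset described in the question. The rules are constructed, and limiting allow-opts to outbound ICMP echo requests (rather than putting it on every pass rule) is an assumption about what the poster needs.

```conf
# Constructed example ruleset, not taken from the thread.

# Before: the catch-all ruleset from the question. Neither rule carries
# allow-opts, so a packet with IP options (ping -R sets RECORD_ROUTE)
# is still blocked even though it matches "pass out all".
#   pass in  all
#   pass out all

# After: keep the catch-all rules and add one narrower rule that lets
# only outbound echo requests carry IP options. pf applies the last
# matching rule, so the allow-opts rule is placed after "pass out all".
pass in  all
pass out all

# keep state: the echo replies are matched by the state this rule
# creates, so they are handled under the same rule (assumption: no
# later rule is meant to override it).
pass out inet proto icmp all icmp-type echoreq keep state allow-opts
```

Other traffic carrying IP options remains blocked by default, because allow-opts appears only on the echo-request rule.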