Update the icmp example to show allowing only the safe types.

Suggested by: Tom Judge <tom at tomjudge.com> MFC after: 3 days
2011-02-19 14:57:00 +00:00 · 2011-02-19 14:57:00 +00:00 · 9c73eae9c4
commit 9c73eae9c4
parent c67f41d01d
1 changed files with 1 additions and 1 deletions
--- a/share/examples/pf/pf.conf
+++ b/share/examples/pf/pf.conf
@ -32,4 +32,4 @@
 #pass in on $ext_if proto tcp to ($ext_if) port ssh
 #pass in log on $ext_if proto tcp to ($ext_if) port smtp
 #pass out log on $ext_if proto tcp from ($ext_if) to port smtp
-#pass in on $ext_if proto icmp to ($ext_if)
+#pass in on $ext_if inet proto icmp from any to ($ext_if) icmp-type { unreach, redir, timex }