From nobody@FreeBSD.org  Tue Mar 23 21:38:55 2010
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 9AF191065670
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 23 Mar 2010 21:38:55 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 8A97B8FC0A
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 23 Mar 2010 21:38:55 +0000 (UTC)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.3/8.14.3) with ESMTP id o2NLctW1044504
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 23 Mar 2010 21:38:55 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.3/8.14.3/Submit) id o2NLctD7044496;
	Tue, 23 Mar 2010 21:38:55 GMT
	(envelope-from nobody)
Message-Id: <201003232138.o2NLctD7044496@www.freebsd.org>
Date: Tue, 23 Mar 2010 21:38:55 GMT
From: Bruce Cran <bruce@cran.org.uk>
To: freebsd-gnats-submit@FreeBSD.org
Subject: [pf] pf.conf example should show allowing icmp through firewall
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         144986
>Category:       docs
>Synopsis:       [pf] pf.conf example should show allowing icmp through firewall
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    brucec
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Mar 23 21:40:03 UTC 2010
>Closed-Date:    Wed Feb 16 21:46:59 UTC 2011
>Last-Modified:  Wed Feb 16 21:50:11 UTC 2011
>Originator:     Bruce Cran
>Release:        9.0-CURRENT
>Organization:
>Environment:
FreeBSD core.draftnet 9.0-CURRENT FreeBSD 9.0-CURRENT #3 r205344M: Sat Mar 20 21:31:35 GMT 2010     brucec@core.draftnet:/usr/obj/usr/src/head/sys/CORE  amd64
>Description:
The pf example in /usr/share/example/pf/pf.conf shows allowing ssh through the firewall, but it doesn't have any icmp examples, so users may not realise that icmp should normally be allowed.
>How-To-Repeat:

>Fix:
Add the line:

#pass in on $ext_if proto icmp to ($ext_if)

>Release-Note:
>Audit-Trail:

From: Glen Barber <glen.j.barber@gmail.com>
To: bug-followup@FreeBSD.org, bruce@cran.org.uk
Cc:  
Subject: Re: docs/144986: [pf] pf.conf example should show allowing icmp
 through firewall
Date: Wed, 31 Mar 2010 19:45:08 -0400

 --r5Pyd7+fXNt84Ff3
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: inline
 
 The attached patch adds the ICMP rule to pf.conf.
 
 Regards,
 
 -- 
 Glen Barber
 
 --r5Pyd7+fXNt84Ff3
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: attachment; filename="src.pf.pf.conf.txt"
 
 Index: /usr/src/share/examples/pf/pf.conf
 ===================================================================
 --- /usr/src/share/examples/pf/pf.conf	(revision 205980)
 +++ /usr/src/share/examples/pf/pf.conf	(working copy)
 @@ -32,3 +32,4 @@
  #pass in on $ext_if proto tcp to ($ext_if) port ssh
  #pass in log on $ext_if proto tcp to ($ext_if) port smtp
  #pass out log on $ext_if proto tcp from ($ext_if) to port smtp
 +#pass in on $ext_if proto icmp to ($ext_if)
 
 --r5Pyd7+fXNt84Ff3--
Responsible-Changed-From-To: freebsd-doc->gjb 
Responsible-Changed-By: gjb 
Responsible-Changed-When: Sat Oct 9 17:08:16 UTC 2010 
Responsible-Changed-Why:  
I'll take this. 


http://www.freebsd.org/cgi/query-pr.cgi?pr=144986 
State-Changed-From-To: open->patched 
State-Changed-By: brucec 
State-Changed-When: Sat Feb 12 20:43:34 UTC 2011 
State-Changed-Why:  
Patch committed to HEAD. 


Responsible-Changed-From-To: gjb->brucec 
Responsible-Changed-By: brucec 
Responsible-Changed-When: Sat Feb 12 20:43:34 UTC 2011 
Responsible-Changed-Why:  
Grab. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=144986 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: docs/144986: commit references a PR
Date: Sat, 12 Feb 2011 20:42:58 +0000 (UTC)

 Author: brucec
 Date: Sat Feb 12 20:42:53 2011
 New Revision: 218620
 URL: http://svn.freebsd.org/changeset/base/218620
 
 Log:
   If the pf.conf(5) example file is copied when setting up a firewall it's
   easy to forget about icmp. Update the file to show allowing icmp through
   the firewall.
   
   PR:	docs/144986
   MFC after:	1 month
 
 Modified:
   head/share/examples/pf/pf.conf
 
 Modified: head/share/examples/pf/pf.conf
 ==============================================================================
 --- head/share/examples/pf/pf.conf	Sat Feb 12 20:28:15 2011	(r218619)
 +++ head/share/examples/pf/pf.conf	Sat Feb 12 20:42:53 2011	(r218620)
 @@ -32,3 +32,4 @@
  #pass in on $ext_if proto tcp to ($ext_if) port ssh
  #pass in log on $ext_if proto tcp to ($ext_if) port smtp
  #pass out log on $ext_if proto tcp from ($ext_if) to port smtp
 +#pass in on $ext_if proto icmp to ($ext_if)
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: patched->closed 
State-Changed-By: brucec 
State-Changed-When: Wed Feb 16 21:46:39 UTC 2011 
State-Changed-Why:  
Merged to stable/7 and stable/8. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=144986 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: docs/144986: commit references a PR
Date: Wed, 16 Feb 2011 21:46:07 +0000 (UTC)

 Author: brucec
 Date: Wed Feb 16 21:46:03 2011
 New Revision: 218759
 URL: http://svn.freebsd.org/changeset/base/218759
 
 Log:
   MFC r218620:
   
   If the pf.conf(5) example file is copied when setting up a firewall it's
   easy to forget about icmp. Update the file to show allowing icmp through
   the firewall.
   
   PR:	docs/144986
 
 Modified:
   stable/7/share/examples/pf/pf.conf
 Directory Properties:
   stable/7/share/examples/   (props changed)
 
 Modified: stable/7/share/examples/pf/pf.conf
 ==============================================================================
 --- stable/7/share/examples/pf/pf.conf	Wed Feb 16 21:41:44 2011	(r218758)
 +++ stable/7/share/examples/pf/pf.conf	Wed Feb 16 21:46:03 2011	(r218759)
 @@ -32,3 +32,4 @@
  #pass in on $ext_if proto tcp to ($ext_if) port ssh
  #pass in log on $ext_if proto tcp to ($ext_if) port smtp
  #pass out log on $ext_if proto tcp from ($ext_if) to port smtp
 +#pass in on $ext_if proto icmp to ($ext_if)
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
>Unformatted:
