| Firewalling with OpenBSD's PF packet filter: EuroBSDCon 2007, København, September 12th 2007 | ||
|---|---|---|
| Prev | Next | |
traceroute needs a bit of help, but uses a fixed formula:
# allow out the default range for traceroute(8): # "base+nhops*nqueries-1" (33434+64*3-1) pass out on $ext_if inet proto udp from any to any port 33433 >< 33626 keep state
This is the stuff you find in list archives - openbsd-misc (e. g. http://marc.info/)
Note: Unix traceroute uses UDP by default; Microsoft uses ICMP ECHO (like unix with -I)