Bug 39495

Summary: firewall man page should allow ICMP type 3 messages
Product: Documentation
Reporter: yusufg <yusufg>
Component: Books & Articles
Assignee: freebsd-doc (Nobody) <doc>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   

Description yusufg 2002-06-19 05:50:01 UTC
firewall(7) has a paragraph about which ICMP packets to allow and what they do etc

The rule described there
add 04000 allow icmp from any to any icmptypes 0,5,8,11,12,13,14

This does not allow ICMP type 3 messages, which will lead to Path MTU Discovery issues.

IMHO, the example rule should be changed to

add 04000 allow icmp from any to any icmptypes 0,3,8,11,12,13,14

Type 5 = Redirect is fairly dangerous and somebody might just cut/paste from the firewall manpage.
Comment 1 Matt Dillon freebsd_committer freebsd_triage 2002-06-25 05:08:22 UTC
State Changed
From-To: open->closed

Whoops, ok, the firewall man page is fixed in the tree now in regard to TCP MTU discovery requiring ICMP type 3 packets to be let through.
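
The check discussed in this report can be run over ipfw rule lines. The following is an added example, not part of the bug thread or the FreeBSD tree: it flags an ICMP allow rule whose `icmptypes` list omits type 3 or includes type 5. Assumptions: `lint_rule` and `RULES` are hypothetical names, the third rule is a constructed sample, and each rule is judged on its own (another rule in the same set may still pass type 3).

```python
import re

# ICMP type numbers: 3 = Destination Unreachable, 5 = Redirect.
DEST_UNREACHABLE = 3
REDIRECT = 5

# ipfw spells the "let the packet through" action four ways.
ALLOW_ACTIONS = {"allow", "accept", "pass", "permit"}
ICMPTYPES_RE = re.compile(r"\bicmptypes\s+(\d+(?:,\d+)*)")


def lint_rule(rule):
    """Return findings for one ipfw rule line; empty list if nothing to report."""
    words = rule.split()
    if "icmp" not in words or not ALLOW_ACTIONS.intersection(words):
        return []  # not an ICMP allow rule
    match = ICMPTYPES_RE.search(rule)
    if match is None:
        return []  # no icmptypes filter, so no type list to inspect
    types = {int(t) for t in match.group(1).split(",")}
    findings = []
    if DEST_UNREACHABLE not in types:
        findings.append("type 3 missing: Path MTU Discovery will have issues")
    if REDIRECT in types:
        findings.append("type 5 (redirect) is allowed")
    return findings


# The two rules quoted in the report, plus one constructed deny rule.
RULES = [
    "add 04000 allow icmp from any to any icmptypes 0,5,8,11,12,13,14",
    "add 04000 allow icmp from any to any icmptypes 0,3,8,11,12,13,14",
    "add 05000 deny icmp from any to any icmptypes 5",  # constructed sample
]

if __name__ == "__main__":
    for rule in RULES:
        for finding in lint_rule(rule) or ["ok"]:
            print(f"{rule}\n    -> {finding}")
```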