From 9c73eae9c42570b7c44a34f79a5387d15de65f45 Mon Sep 17 00:00:00 2001
From: Rebecca Cran
Date: Sat, 19 Feb 2011 14:57:00 +0000
Subject: [PATCH] Update the icmp example to show allowing only the safe types.

Suggested by: Tom Judge
MFC after: 3 days
---
 share/examples/pf/pf.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/share/examples/pf/pf.conf b/share/examples/pf/pf.conf
index ad494c7ed782..299999df8041 100644
--- a/share/examples/pf/pf.conf
+++ b/share/examples/pf/pf.conf
@@ -32,4 +32,4 @@
 #pass in on $ext_if proto tcp to ($ext_if) port ssh
 #pass in log on $ext_if proto tcp to ($ext_if) port smtp
 #pass out log on $ext_if proto tcp from ($ext_if) to port smtp
-#pass in on $ext_if proto icmp to ($ext_if)
+#pass in on $ext_if inet proto icmp from any to ($ext_if) icmp-type { unreach, redir, timex }
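Review bot: The `icmp-type` list on the added line includes `redir`, and combined with `from any` it admits ICMP redirects from arbitrary hosts on the external interface. A redirect asks the receiving host to change its route to a destination, so it does not fit a list the commit message describes as safe. I would drop it from the example: `#pass in on $ext_if inet proto icmp from any to ($ext_if) icmp-type { unreach, timex }`. pf already matches ICMP errors that refer to a tracked connection against that connection's state, so a short comment above the rule saying it only covers unsolicited messages would help readers who copy the example.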