Stefan Lüthje wrote:
> ...
> is called by:
> iptables -A INPUT -i ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
> ...
> When I ping a machine on the Internet, I see the following result on tcpdump:
> 19:35:24.866434 IP 21x.8x.7x.7x > 21x.18x.14x.10x: ICMP echo request, id 46871, seq 1536, length 64
> 19:35:24.898032 IP 21x.18x.14x.10x > 21x.8x.7x.7x: ICMP echo reply, id 46871, seq 1536, length 64
> But in the log I see the following:
> Jan 25 19:35:24 speedy kernel: denied: IN=ppp0 OUT= MAC= SRC=21x.18x.14x.10x DST=21x.8x.7x.7x LEN=84 TOS=0x00 PREC=0x00 TTL=58 ID=11184 PROTO=ICMP TYPE=0 CODE=0 ID=46871 SEQ=1536
> My question: Why will this packet not be accepted by the ACCEPT state rule
> with the 2.6.15 kernel?

I'm not sure you can speak about RELATED and ESTABLISHED in the context of ICMP;
if I'm not mistaken this is a stateless affair.
I've got a dedicated rule for ICMP only in my firewall scripts, something like
iptables -A INPUT -i ppp0 -p ICMP --icmp-type echo-request -j ACCEPT
Hope this helps you.
Someone please correct me if I'm wrong (but it works for me anyway).
Vit
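
An added diagnostic example, not part of either message: it pairs the echo request seen by tcpdump with the echo reply in the kernel "denied:" log by address pair, ICMP id and sequence number, to confirm that the logged drop is the answer to a locally originated ping. The sample input is the output quoted above with wrapped lines joined; the function names are hypothetical.

```python
import re

# Sample input: the lines quoted in the thread, wrapped lines joined
# (addresses are masked in the original post).
TCPDUMP = """\
19:35:24.866434 IP 21x.8x.7x.7x > 21x.18x.14x.10x: ICMP echo request, id 46871, seq 1536, length 64
19:35:24.898032 IP 21x.18x.14x.10x > 21x.8x.7x.7x: ICMP echo reply, id 46871, seq 1536, length 64
"""
KLOG = """\
Jan 25 19:35:24 speedy kernel: denied: IN=ppp0 OUT= MAC= SRC=21x.18x.14x.10x DST=21x.8x.7x.7x LEN=84 TOS=0x00 PREC=0x00 TTL=58 ID=11184 PROTO=ICMP TYPE=0 CODE=0 ID=46871 SEQ=1536
"""
DUMP_RE = re.compile(
    r"IP (\S+) > (\S+): ICMP echo (request|reply), id (\d+), seq (\d+)")

def parse_tcpdump(text):
    """Yield (kind, src, dst, icmp_id, seq) for each ICMP echo line."""
    for m in DUMP_RE.finditer(text):
        src, dst, kind, icmp_id, seq = m.groups()
        yield kind, src, dst, int(icmp_id), int(seq)

def parse_log_line(line):
    """Parse a netfilter LOG line into a dict. ID= occurs twice (IP header
    ID, then ICMP echo ID), so keys after PROTO=ICMP get an ICMP_ prefix."""
    fields, in_icmp = {}, False
    for token in line.split():
        if "=" not in token:
            continue
        key, value = token.split("=", 1)
        fields[("ICMP_" + key) if in_icmp else key] = value
        if key == "PROTO":
            in_icmp = value == "ICMP"
    return fields

def dropped_replies(dump_text, log_text):
    """Return logged echo replies (type 0) answering a request in the capture."""
    sent = {(dst, src, i, s) for kind, src, dst, i, s in parse_tcpdump(dump_text)
            if kind == "request"}
    hits = []
    for line in log_text.splitlines():
        f = parse_log_line(line)
        if f.get("PROTO") != "ICMP" or f.get("ICMP_TYPE") != "0":
            continue
        key = (f["SRC"], f["DST"], int(f["ICMP_ID"]), int(f["ICMP_SEQ"]))
        if key in sent:
            hits.append(key)
    return hits

if __name__ == "__main__":
    for src, dst, icmp_id, seq in dropped_replies(TCPDUMP, KLOG):
        print(f"dropped echo reply {src} -> {dst} id={icmp_id} seq={seq}")
```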