On Wed, Oct 31, 2007 at 01:47:09AM +0100, Matus Harvan wrote: [...] > In case icmpechouser is enabled > > * should the packet be dropped if it was multicast/broadcast and > icmpbcastecho is disabled? > > I guess yes.
Thinking about this again, I think the bmcastecho meaning is about
generating repleis rather than receiving requests. From icmp(4):
bmcastecho (boolean) Enable/disable ICMP replies received via broad-
cast or multicast. Defaults to false.
Hence, I don't think that the packet should be dropped even if
icmpbcastecho is disabled.
Hence, I think it would be OK to keep the 'goto raw' at the beginning
(as it was in the patch I have sent) rather than moving it down to the
'goto reflect'.
Matus
pgpk5fSYcD0Bm.pgp
Description: PGP signature
