Matt wrote:
Hi, I'm new to Bering-uClibc and Shorewall (but have used LRP and
Dachstein).

I'm getting hundreds of ICMP "hits" showing up in the Shorewall log
between my Bering box and one of my local machines. Here's an example:

Jan 1 00:00:00 unity Shorewall:all2all:REJECT: IN= OUT=eth0 MAC=
SRC=192.168.1.1 DST=192.168.1.5 LEN=83 TOS=00 PREC=0x00 TTL=64 ID=29297
PROTO=ICMP TYPE=3 CODE=0

eth0 is my LAN interface (192.168.1.1), and ppp0 is the net interface (dialup). I
think that a solution would be to add the following line to the
Shorewall policy, but I have some questions on it...
fw             loc             ACCEPT

This seems like a very "normal" thing to do, so why is it not set in the
default config? Are there any reasons not to accept these connections
(other than local attacks on the firewall)?

If Netfilter connection tracking is working properly, ICMP 3/0 packets *are* accepted. These packets get generated by a REJECT Shorewall rule or policy for UDP requests.


-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
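To make the reply's point checkable against a log file, here is a small classifier (an added example, not code from the thread or from Shorewall) that parses Shorewall log lines in the format shown above and separates locally generated ICMP destination-unreachable errors (PROTO=ICMP TYPE=3 with an empty IN= and a set OUT=, i.e. leaving the firewall itself) from everything else. Per the reply, those packets are normally accepted when connection tracking is working, so a stream of them being REJECTed points at a conntrack problem to investigate rather than at traffic that needs a new policy. The sample log is constructed: the first line is the one from the question, the other two are invented for contrast.

```python
import re
from collections import Counter
from typing import Dict, List, Optional

# Constructed sample log: line 1 is the entry quoted in the thread; lines 2 and 3
# are invented (a TCP drop from the net side and an ICMP echo request from the LAN).
SAMPLE_LOG = """\
Jan 1 00:00:00 unity Shorewall:all2all:REJECT: IN= OUT=eth0 MAC= SRC=192.168.1.1 DST=192.168.1.5 LEN=83 TOS=00 PREC=0x00 TTL=64 ID=29297 PROTO=ICMP TYPE=3 CODE=0
Jan 1 00:00:01 unity Shorewall:net2all:DROP: IN=ppp0 OUT= MAC= SRC=203.0.113.7 DST=198.51.100.2 LEN=48 TOS=00 PREC=0x00 TTL=112 ID=1234 PROTO=TCP SPT=4444 DPT=135
Jan 1 00:00:02 unity Shorewall:all2all:REJECT: IN=eth0 OUT= MAC= SRC=192.168.1.5 DST=192.168.1.1 LEN=84 TOS=00 PREC=0x00 TTL=64 ID=17 PROTO=ICMP TYPE=8 CODE=0
"""

# Shorewall prefixes the netfilter fields with "<chain>:<target>:"; the rest are KEY=VALUE tokens.
LINE_RE = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<target>[A-Z]+):\s*(?P<fields>.*)$")


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Turn one Shorewall log line into a dict of its fields; None if it is not one."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = {"chain": m.group("chain"), "target": m.group("target")}
    for tok in m.group("fields").split():
        key, _, val = tok.partition("=")  # "IN=" yields an empty value, as in the log
        rec[key] = val
    return rec


def classify(rec: Dict[str, str]) -> str:
    """Label a parsed record by what kind of packet the rule logged."""
    if rec.get("PROTO") != "ICMP":
        return "non_icmp"
    icmp_type = int(rec.get("TYPE", "-1"))
    # ICMP type 3 is destination unreachable. Empty IN= plus a set OUT= means the
    # firewall itself generated it; per the thread, conntrack should accept these.
    if icmp_type == 3 and rec.get("IN") == "" and rec.get("OUT"):
        return "fw_icmp_error_rejected"
    if icmp_type == 3:
        return "icmp_error"
    return "icmp_other"


def summarize(log_text: str) -> Counter:
    """Count classifications over a whole log; parse failures are skipped."""
    counts: Counter = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is not None:
            counts[classify(rec)] += 1
    return counts


def suspicious_conntrack_lines(log_text: str) -> List[str]:
    """Return the raw lines that suggest ICMP errors are not being matched as RELATED."""
    out = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is not None and classify(rec) == "fw_icmp_error_rejected":
            out.append(line)
    return out


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
    for line in suspicious_conntrack_lines(SAMPLE_LOG):
        print("check conntrack:", line)
```

Feed it the real Shorewall log instead of SAMPLE_LOG to see whether the hundreds of hits are all of the `fw_icmp_error_rejected` kind; if they are, the thing to verify is that connection tracking is loaded and working, as the reply says, before adding a blanket fw-to-loc ACCEPT policy.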
