On Mon, May 20, 2002 at 06:34:19PM +0100, Antony Stone wrote:
> On Monday 20 May 2002 5:55 pm, Miky J wrote:
<snip>
> If you want to hide the firewall from showing up in the traceroute, there
> is a TTL match, which you might be able to use - I'm not sure if the
> filtering rules are checked before or after the TTL is decremented, and an
> ICMP packet generated if it's just become zero....

The filtering rules will be checked beforehand I expect, which means you can
do things with TTL=1 packets in the right table ( mangle? ) before the stack
replies to them.

I reckon if you add 1 to the TTL of all packets you could make the firewall
invisible to packets being forwarded through it.

Of course, you'll also be standing in a pile of broken RFCs....

-- 
FunkyJesus System Administration Team
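
A constructed Python model of the behaviour discussed in this message, added here as an example and not code from the thread: it assumes, as the reply expects, that the TTL adjustment runs before the forwarding stack checks for expiry, and the hop names are made up. It also shows one cost of the trick: a hop that adds 1 cancels its own decrement, so a routing loop made only of such hops never expires the packet.

```python
"""Toy model of TTL handling along a forwarding path (constructed example)."""

DEST = "dest"


def forward(ttl, hops):
    """Send one probe with initial `ttl` through `hops`.

    Each hop is (name, ttl_inc). ttl_inc is applied first (assumed to be a
    mangle-style rule evaluated before the stack's expiry check), then the
    hop either answers with ICMP time-exceeded (ttl <= 1) or decrements
    the TTL and forwards. Returns the name of whoever answers the probe.
    """
    for name, ttl_inc in hops:
        ttl = min(ttl + ttl_inc, 255)  # TTL is an 8-bit field
        if ttl <= 1:
            return name                # this hop shows up in traceroute
        ttl -= 1
    return DEST


def traceroute(hops, max_ttl=30):
    """Probe with TTL 1, 2, 3, ... and list who answers each probe."""
    seen = []
    for ttl in range(1, max_ttl + 1):
        responder = forward(ttl, hops)
        seen.append(responder)
        if responder == DEST:
            break
    return seen


def hops_until_expiry(ttl, loop, limit=10_000):
    """Forwards a packet survives in a routing loop; None if it never expires."""
    count = 0
    while count < limit:
        for _name, ttl_inc in loop:
            ttl = min(ttl + ttl_inc, 255)
            if ttl <= 1:
                return count
            ttl -= 1
            count += 1
    return None


PLAIN = [("r1", 0), ("fw", 0), ("r2", 0)]    # firewall behaves normally
HIDDEN = [("r1", 0), ("fw", 1), ("r2", 0)]   # firewall adds 1 to every TTL

if __name__ == "__main__":
    print(traceroute(PLAIN))
    print(traceroute(HIDDEN))
```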
