On Tue, May 21, 2002 at 01:08:21AM +0100, [EMAIL PROTECTED] wrote:
> On Mon, May 20, 2002 at 06:34:19PM +0100, Antony Stone wrote:
> > On Monday 20 May 2002 5:55 pm, Miky J wrote:
> > <snip>
> >
> > If you want to hide the firewall from showing up in the traceroute, there
> > is a TTL match, which you might be able to use - I'm not sure if the
> > filtering rules are checked before or after the TTL is decremented, and an
> > ICMP packet generated if it's just become zero....
>
> The filtering rules will be checked beforehand I expect, which means you can
> do things with TTL=1 packets in the right table ( mangle? ) before the stack
> replies to them. I reckon if you add 1 to the TTL of all packets you could
> make the firewall invisible to packets being forwarded through it.
>
> Of course, you'll also be standing in a pile of broken RFCs....
I don't think that he'll be standing in a pile of broken RFCs just because of
the increased TTL. What was the reason for the introduction of the TTL field
again? Oh, yes, to avoid orphan packets wandering around for ever. So, changing
that is not harmful at all, as long as the Internet in general plays by the rule
and decreases it by one so the orphan packets can eventually die in peace.

Ramin

> FunkyJesus System Administration Team
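The two points argued in this thread (a forwarding hop that adds one to the TTL before the normal decrement never answers a traceroute probe, and a packet caught in a routing loop still dies as long as the other hops decrement) can be checked with a small hop-by-hop simulation. The block below is an added example, not code from any of the mails; it does not touch netfilter at all (in iptables the increment itself would be the TTL target in the mangle table, e.g. `-j TTL --ttl-inc 1`), it only models how each hop treats the TTL field. Hop names, the path and the loop are constructed.

```python
"""Hop-by-hop TTL simulation for the "hide the firewall from traceroute" idea.

Constructed example: a path is a list of Hop objects, the last one being the
destination host. A Hop with ttl_inc=1 models a firewall whose mangle rule adds
one to the TTL before the forwarding code performs the usual decrement, so the
firewall itself never hits TTL=1 and never sends ICMP Time Exceeded.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Hop:
    name: str
    ttl_inc: int = 0  # extra TTL added on ingress; 0 for an ordinary router


def send_probe(path, ttl):
    """Forward one probe with the given initial TTL along path.

    Returns (hop_name, delivered): the hop that answers, and whether the
    answer comes from the destination (True) or is an ICMP Time Exceeded
    from an intermediate hop (False).
    """
    for hop in path:
        if hop is path[-1]:
            return hop.name, True      # arrived at the host itself
        ttl += hop.ttl_inc             # mangle rule runs before the TTL check
        if ttl <= 1:
            return hop.name, False     # cannot forward: Time Exceeded
        ttl -= 1                       # normal forwarding decrement


def traceroute(path):
    """Return the hop names a traceroute would print, probing TTL 1, 2, 3, ..."""
    seen = []
    for ttl in range(1, len(path) + 1):
        name, delivered = send_probe(path, ttl)
        seen.append(name)
        if delivered:
            break
    return seen


def loop_lifetime(cycle, ttl, cap=10_000):
    """Number of router visits a packet survives when stuck in a routing loop.

    cycle lists the routers visited over and over. Returns None if the packet
    is still alive after cap visits, i.e. it would never expire.
    """
    visits = 0
    while visits < cap:
        for hop in cycle:
            visits += 1
            ttl += hop.ttl_inc
            if ttl <= 1:
                return visits          # this router drops it
            ttl -= 1
    return None


# Constructed topology: two routers around a firewall, then the host.
R1, R2, HOST = Hop("r1"), Hop("r2"), Hop("host")
PLAIN_FW = Hop("fw")                   # firewall that behaves like any router
HIDDEN_FW = Hop("fw", ttl_inc=1)       # firewall with the TTL-increment rule
PLAIN_PATH = [R1, PLAIN_FW, R2, HOST]
HIDDEN_PATH = [R1, HIDDEN_FW, R2, HOST]

if __name__ == "__main__":
    print("normal firewall:", traceroute(PLAIN_PATH))
    print("TTL-incrementing firewall:", traceroute(HIDDEN_PATH))
    # A packet trapped in a 3-router loop: the incrementing firewall makes it
    # live longer (net -2 per cycle instead of -3) but it still dies.
    print("loop, plain routers:", loop_lifetime([R1, R2, Hop("r3")], 64))
    print("loop containing the firewall:", loop_lifetime([HIDDEN_FW, R1, R2], 64))
```

Running it shows the firewall dropping out of the trace (the hop after it answers the probe that the firewall would have answered) and a looping packet surviving 96 router visits instead of 64 with one incrementing hop in a three-router cycle. The only configuration in which `loop_lifetime` never returns is a cycle made entirely of incrementing hops, which is the case Ramin's "as long as the Internet plays by the rule" condition excludes.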
