On Tue, 5 Apr 2016 20:22:05 +0200 Sven Kirmess <[email protected]> wrote:
> I'm not so sure about that. The same statement does allso ALLOW ICMP > packets. And dropping Auth can have as much a negative effect as > dropping ICMP. Not related to blocking necessary ICMPs. What was done on shorewall to auth was replacing silent reject of auth to no special handling of auth. That means you can see from your firewall log how much auth requests are dropped. This change has been in shorewall ipv4 some time now. Shorewall6 still silently rejecting was caused by duplication of code between shorewall and shorewall6. Auth isn't really used much any more - things were different > 10 years ago when silent reject was added. -- Tuomo Soini <[email protected]> Foobar Linux services +358 40 5240030 Foobar Oy <http://foobar.fi/> ------------------------------------------------------------------------------ _______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
