[email protected] wrote: > [email protected] wrote: >> [email protected] wrote: >>> [email protected] wrote: >>>> [email protected] wrote: >>>>> Is it possible to create rules that apply to specific codes of ICMP >>>> types? >>>>> The AllowICMPs macro seems to have this type of precision for ICMP >>>> type 3 code 4. >>>>> How can I write a rule that has this kind of precision for >> arbitrary >>>> ICMP types/codes? >>>> >>>> The same way as the macro does. >>>> >>> The macro appears to use keywords: 'fragmentation-needed' and 'time- >> exceeded' >>> Where can I find where these are defined? Or, is there a list >> acceptable keywords? >>> I grepped /etc/shorewall and /usr/share/shorewall but nothing came >> up. >> >> From /usr/share/shorewall/Shorewall/IPAddrs.pm, here is the list of >> keywords and their corresponding codes: >> > > Thanks a lot for this! > > Can these keywords be used directly in /etc/shorewall/rules? How about the > values they represent, like this: > > ACCEPT fw net icmp 12/1
Yes and Yes. See 1) http://www.shorewall.net/configuration_file_basics.htm#ICMP 2) http://www.shorewall.net/manpages/shorewall-rules.html (look under DEST PORTS(S)) -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
