The new iptables does support --icmp-type, and the following rule:

    sudo iptables -A INPUT -p icmp --icmp-type fragmentation-need

works fine.

I haven't got a working shorewall config, so it's hard to track it down much further, but I wonder if one of you could try changing the shebang line to #!/bin/bash at the top of /sbin/shorewall, and see if you get the same results.

I don't see where a "Drop" chain is ever getting created, and I'm curious to see if some non-POSIX magic is building the rule wrong, because macro.AllowICMPs is the only place in the entire source package where anything like this seems to happen, and the target there is ACCEPT.

** Changed in: iptables (Ubuntu)
       Status: Unconfirmed => Needs Info

--
macro.AllowICMPs fails on startup
https://launchpad.net/bugs/66106

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs