Could anyone explain this to me. It used to work. But at some point stopped.
[EMAIL PROTECTED]:~$ sudo ipchains --flush [EMAIL PROTECTED]:~$ sudo ipchains -nL Chain input (policy ACCEPT): Chain forward (policy ACCEPT): Chain output (policy ACCEPT): [EMAIL PROTECTED]:~$ sudo ipchains -A input -j ACCEPT -i lo -s 0.0.0.0/0 ping -d 127.0.0.1 -p icmp [EMAIL PROTECTED]:~$ sudo ipchains -A input -j DENY -l [EMAIL PROTECTED]:~$ sudo ipchains -C input -i lo -s 0.0.0.0/0 ping -d 127.0.0.1/32 -p icmp accepted [EMAIL PROTECTED]:~$ ping 127.0.0.1 PING 127.0.0.1 (127.0.0.1): 56 data bytes --- 127.0.0.1 ping statistics --- 1 packets transmitted, 0 packets received, 100% packet loss [EMAIL PROTECTED]:~$ sudo tail -n 1 /var/log/syslog Apr 11 20:59:19 feivel kernel: Packet log: input DENY lo PROTO=1 127.0.0.1:0 127.0.0.1:0 L=84 S=0x00 I=5012 F=0x0000 T=255 (#2) So ipchains -C says the packet will be accepted, but in fact it won't? I then tried: [EMAIL PROTECTED]:~$ sudo ipchains -I input 1 -j ACCEPT -i lo -s 0.0.0.0/0 0 -d 127.0.0.1 -p icmp [EMAIL PROTECTED]:~$ ping 127.0.0.1 PING 127.0.0.1 (127.0.0.1): 56 data bytes 64 bytes from 127.0.0.1: icmp_seq=0 ttl=255 time=0.3 ms 64 bytes from 127.0.0.1: icmp_seq=1 ttl=255 time=0.3 ms In other words, ping no longer sends out icmp type 8 but icmp type 0. AFAIK ECHO_REQUEST is 8, isn't it? Michael -- Michael Meskes | Go SF 49ers! Th.-Heuss-Str. 61, D-41812 Erkelenz | Go Rhein Fire! Tel.: (+49) 2431/72651 | Use Debian GNU/Linux! Email: [email protected] | Use PostgreSQL!
