On Thu, Dec 06, 2001 at 11:55:28AM +1100, Rebecca Dridan wrote (1.00):
> pluto kernel: Packet log: input DENY eth0 PROTO=1 210.86.82.93:3 xx.xx.xx.xx:3
> .....
>
> I've found out that that's an ICMP packet, with type Destination Unreadable and
> code Port Unreachable, but I'm not sure what this means. Is it important, and
> is there any way of stopping it?

This means that pluto is trying to connect to a closed port on xxx.xxx.xxx.xxx, and the remote end is trying to tell you to cut it out, like it's supposed to. If you block those messages, you'll have to wait for your connects to time out, instead of stopping.

Blocking all ICMP isn't a good idea. At the very least, you should allow the Destination Unreachable type through, and maybe a couple of others. Searching Google for "ICMP Blocking" will probably bring up many articles like <http://www.networkmagazine.com/article/NMG20000829S0003>, which might be of help in deciding what to allow through.

M
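An added example, not part of the original message: a small decoder for ipchains "Packet log" lines like the one quoted above, which for PROTO=1 print the ICMP type and code in the two port positions, used here to list Destination Unreachable messages the input chain is dropping. The function names and the sample log lines are constructed for illustration, and the fields after the addresses are assumed to follow the usual ipchains layout.

```python
import re

# ipchains log prefix. For PROTO=1 (ICMP) the two ":port" fields hold the
# ICMP type (after the source) and the ICMP code (after the destination).
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<verdict>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\w.]+):(?P<sport>\d+) (?P<dst>[\w.]+):(?P<dport>\d+)"
)
ICMP_TYPES = {0: "echo-reply", 3: "destination-unreachable",
              4: "source-quench", 5: "redirect", 8: "echo-request",
              11: "time-exceeded", 12: "parameter-problem"}
UNREACH_CODES = {0: "network-unreachable", 1: "host-unreachable",
                 2: "protocol-unreachable", 3: "port-unreachable",
                 4: "fragmentation-needed"}


def decode(line):
    """Return a dict for an ICMP packet-log line, or None for anything else."""
    m = LOG_RE.search(line)
    if not m or m["proto"] != "1":
        return None
    icmp_type, code = int(m["sport"]), int(m["dport"])
    name = ICMP_TYPES.get(icmp_type, f"type-{icmp_type}")
    # Only type 3 has its codes named here; other types keep the number.
    detail = (UNREACH_CODES.get(code, f"code-{code}")
              if icmp_type == 3 else f"code-{code}")
    return {"verdict": m["verdict"], "src": m["src"], "dst": m["dst"],
            "type": name, "detail": detail}


def denied_unreachables(lines):
    """ICMP destination-unreachable messages that the firewall dropped."""
    hits = (decode(line) for line in lines)
    return [h for h in hits if h and h["verdict"] == "DENY"
            and h["type"] == "destination-unreachable"]


# Constructed sample log lines (documentation addresses, not real hosts).
SAMPLE_LOG = [
    "pluto kernel: Packet log: input DENY eth0 PROTO=1 198.51.100.7:3 192.0.2.10:3 L=56 S=0x00 I=4211 F=0x0000 T=240 (#5)",
    "pluto kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.9:4312 192.0.2.10:23 L=44 S=0x00 I=911 F=0x4000 T=52 SYN (#7)",
    "pluto kernel: Packet log: input DENY eth0 PROTO=1 198.51.100.20:8 192.0.2.10:0 L=84 S=0x00 I=77 F=0x0000 T=51 (#5)",
]

if __name__ == "__main__":
    for h in denied_unreachables(SAMPLE_LOG):
        print(f"dropped {h['type']}/{h['detail']} from {h['src']}")
```

Each line it reports is an error reply that never reached the host, which is the case where the connect waits for a timeout.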

