On Friday, 11 March 2005 13:10, Emanuel Strobl wrote:
> I'm on the firewall again and verified that block return works for tcp-rst,
> but not for return-icmp (with or without code), it seems packets just get
> dropped, regardless for which protocol (tested UDP, ICMP, TCP).

Sorry for the noise, it's my mistake, ping doesn't show me the error message.
I think I can remember that the last time I created/tested a ruleset (with 4.6) I got detailed error messages like
"telnet: connect to address 82.135.28.195: Destination Host Unreachable"
but now I just get
"telnet: connect to address 82.135.28.195: Connection refused"
without the error report.
Is it possible that in former times these ICMP error messages were printed on the console which now the kernel doesn't anymore?

>
> Then I have another problem which may be a design problem.
> I am multihomed and have several pass reply-to rules. So far things are
> working fine but block return doesn't! Of course, the return gets over the
> default route, so what I needed is a block return route-to or something
> like that.
> Do you know any detour how this could be achieved?

This problem is still unsolved :(

Thanks,

-Harry

>
> Thanks,
>
> -Harry
>
> > > Thanks,
> > >
> > >
> > > -Harry (P.S.: Emanuel and Harry are the same persons (me) the gmx
> > > address is just a fake identity for mailing lists)
> >
> > okay ... you see us perplexed ;)
