On Tuesday 21 September 2004 13:14, Tom Eastep wrote: > > > > So I think the above link is in error. Unless there is a different "UDP > > traceroute" that I don't know of... ? > > The 'traceroute' program on any *nix system. The 'tracert' thingy on > Windoze systems uses ICMP echo-request (ping). > > And as for the ICMP 11, the standard samples that I release on > shorewall.net ALL allow outgoing ICMP from the firewall to ALL zones. So > the documentation on the Shorewall site is correct.
I have, however, updated the Shorewall site to say that ICMP 11 outbound is required and to show the usual ICMP outbound ACCEPT rules. I have also updated the Shorewall LEAF development thread to include those usual rules in place of outbout ICMP echo-request only rules. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php _______________________________________________ leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
