Matt wrote:
fw loc ACCEPT
This seems like a very "normal" thing to do, so why is it not set in the default config? Are there any reasons to not accept these connections (other than local attacks on the firewall)?
If Netfilter connection tracking is working properly, ICMP 3/0 packets *are* accepted. These packets get generated by a REJECT Shorewall rule or policy for UDP requests.
Also, are you setting 'norfc1918' on your ppp0 interface (/etc/shorewall/interfaces)?
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
