Good day, Brian, all,

On Thu, 2 May 2002, Brian J. Murrell wrote:

> I was looking through some logs my filter box was producing and had a
> thought about a particular packet drop I was seeing.
>
> The drop I am seeing is:
>
> May 2 02:44:44 gw.ilinx kernel: INPUT IN=ppp0 OUT= MAC=
> SRC=207.177.88.6 DST=my_gateway LEN=56 TOS=0x00 PREC=0x00 TTL=239
> ID=46501 DF PROTO=ICMP TYPE=3 CODE=3 [SRC=my_gateway
> DST=207.177.88.6 LEN=79 TOS=0x00 PREC=0x00 TTL=45 ID=0 FRAG:64
> PROTO=UDP ]
>
> So I was going to go write a rule to allow the icmp message back to
> the originating host and then it dawned on me that there is no way to
> conntrack this back to its originator, or am I missing something?

Please forgive me if I've misunderstood, but I thought "-m state --state RELATED" would match port unreachables, allowing them to return to sender.

Cheers,
- Bill

---------------------------------------------------------------------------
"If addiction is judged by how long a dumb animal will sit pressing a lever to get a 'fix' of something, to its own detriment, then I would conclude that netnews is far more addictive than cocaine."
-- Rob Stampfli (Courtesy of Clement Yonkers <[EMAIL PROTECTED]>)
--------------------------------------------------------------------------
William Stearns ([EMAIL PROTECTED]). Mason, Buildkernel, named2hosts, and ipfwadm2ipchains are at: http://www.stearns.org
--------------------------------------------------------------------------
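Added example, not part of the original message or of netfilter's code: a small Python model that parses the quoted LOG entry, separates the outer ICMP packet from the embedded original header, and decides whether the error can be tied to a tracked flow. It assumes a stateful filter marks an ICMP error RELATED by looking up the embedded header's tuple and cannot do so when that header is a non-first fragment carrying no ports; `fields`, `relate`, `TRACKED` and the second log line are hypothetical names and constructed data.

```python
import re

# Log entry as quoted in the message above ("my_gateway" is the poster's placeholder).
QUOTED = ("May 2 02:44:44 gw.ilinx kernel: INPUT IN=ppp0 OUT= MAC= "
          "SRC=207.177.88.6 DST=my_gateway LEN=56 TOS=0x00 PREC=0x00 TTL=239 "
          "ID=46501 DF PROTO=ICMP TYPE=3 CODE=3 [SRC=my_gateway "
          "DST=207.177.88.6 LEN=79 TOS=0x00 PREC=0x00 TTL=45 ID=0 FRAG:64 "
          "PROTO=UDP ]")
# Constructed entry: same error type, but the embedded header is unfragmented.
CONSTRUCTED = ("kernel: INPUT IN=ppp0 OUT= MAC= SRC=198.51.100.7 DST=192.0.2.1 "
               "LEN=56 TTL=239 ID=1 PROTO=ICMP TYPE=3 CODE=3 [SRC=192.0.2.1 "
               "DST=198.51.100.7 LEN=79 TTL=45 ID=0 PROTO=UDP SPT=40000 DPT=53 LEN=59 ]")
# Constructed table of tracked flows: (proto, src, sport, dst, dport).
TRACKED = {("UDP", "192.0.2.1", "40000", "198.51.100.7", "53")}


def fields(text):
    """Parse KEY=value / KEY:value tokens; tokens of any other shape are ignored."""
    found = {}
    for token in text.split():
        m = re.fullmatch(r"([A-Z]+)[=:](.*)", token)
        if m:
            found.setdefault(m.group(1), m.group(2))  # keep the first LEN (IP length)
    return found


def parse_icmp_error(line):
    """Return (outer ICMP fields, fields of the embedded original header)."""
    outer, _, inner = line.partition("[")
    return fields(outer), fields(inner.rstrip("] "))


def relate(line, tracked):
    """Model of a RELATED decision: (verdict, reason) for one log line."""
    outer, inner = parse_icmp_error(line)
    if outer.get("PROTO") != "ICMP" or not inner:
        return "n/a", "no embedded header to inspect"
    if int(inner.get("FRAG", "0")) != 0 or "SPT" not in inner:
        return "unmatched", "embedded header has no ports (non-first fragment)"
    key = (inner["PROTO"], inner["SRC"], inner["SPT"], inner["DST"], inner["DPT"])
    if key in tracked:
        return "RELATED", "embedded tuple belongs to a tracked flow"
    return "unmatched", "embedded tuple is not tracked"


if __name__ == "__main__":
    for name, line in (("quoted", QUOTED), ("constructed", CONSTRUCTED)):
        print(name, *relate(line, TRACKED))
```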