Robert Moskowitz wrote:
First off, I KNOW that this firewall is receiving ICMP redirect messages all the time from my DSL router. This is because they are valid, and I don't want to hardcode the routes that the DSL router send to the other firewall. And I don't want to rely on a routing protocol on the public net.Anyway:Jan 8 15:24:27 dectop3 kernel: Redirect from 208.83.67.129 on eth0 about 208.83.67.131 ignored. Jan 8 15:24:27 dectop3 kernel: Advised path = 208.83.67.130 -> 208.83.67.156So I turn info on for default-policy, and now I have to get this. I WANT the kernel to act on the redirect, and not be annoyed with logs about it. I need an ICMP specific on REDIRECT?
You turned on 'log_martians' even though your problem had nothing to do with that option and now you are complaining about the effect?
The warning about the blacklist entries being ignored was caused by the absence of the 'blacklist' option.
-Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
