On Wed, Sep 24, 2014, at 10:34 AM, Tom Eastep wrote: > On 9/24/2014 10:19 AM, PGNd wrote: > > /stoppedrules > > + ACCEPT EXT_IF $FW icmp 8 > > + ACCEPT VPN_IF $FW icmp 8 > > > > also fails to prevent failed intfc during boot. > > Those rules are allowing incoming ping.
Realized that, changed for testing to ACCEPT - - icmp 8 which I thought would take all ALL bi-directional PING, but unfortunately no ... inftcs are still disabled. > With ADMINISABSENTMINDED=Yes (which I recommend) changing - ADMINISABSENTMINDED=No + ADMINISABSENTMINDED=Yes and trying again ... ------------------------------------------------------------------------------ Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
