----- Original Message -----
From: Tom Eastep <[email protected]>
>
>> "event_type":"drop","src_ip":"188.165.137.78","dest_ip":"172.16.0.1","pr
>> oto":"ICMP","icmp_type":0,"icmp_code":0
>
> That is a ping reply -- so 172.16.0.1 is pinging 188.165.137.78.
I see. It's because of the ICMP type 0 which is an echo reply according to
RFC792.
> No, because that packet is in the ESTABLISHED state, not the NEW state.
> Your Shorewall ruleset isn't denying systems on your network from
> initiating flows to systems that are not in your approved country list.
All clear, now that I know that it's an ICMP reply.
Thanks,
Vieri
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
