On Jul 18, 2005, at 10:54 AM, Christian Haugan Toldnes wrote:
> I don't think the problem is missing support for 'icmp-type' but
> rather that 'icmp-type' is treated as an argument instead of an
> option.
>
> Maybe ask the Shorewall developers about this. Our iptables is a
> stock, non-patched v1.3.1.

I have been communicating with the Shorewall mailing list these last few days. They are sure it's iptables related and not the Shorewall scripts. They had this one example:

---
ursa:/var/log/YaST2 # iptables -N AllowICMPs
ursa:/var/log/YaST2 # iptables -A AllowICMPs -p icmp --icmp-type fragmentation-needed -j ACCEPT
---

This should work on a default iptables setup. I tried it on a default Fedora Core 3 and it works great. On Trustix 3.0 it complains about:

---
[EMAIL PROTECTED] ~# iptables -N AllowICMPs
[EMAIL PROTECTED] ~# iptables -A AllowICMPs -p icmp --icmp-type fragmentation-needed -j ACCEPT
iptables v1.3.2: Unknown arg `--icmp-type'
Try `iptables -h' or 'iptables --help' for more information.
---

Is ICMP disabled on Trustix 3.0? Just asking - don't know if it is possible. When you do an iptables -p icmp --help, no icmp support is found.

I've tried compiling iptables 1.3.2 myself but without success. Still the same errors from iptables.

Should I make a bug report?

Best regards
/Jannic
