[Shorewall-users] ping & shorewall restart

Tom Eastep teastep@shorewall.net
Sat, 13 Apr 2002 13:38:24 -0700 (Pacific Daylight Time)


On Sat, 13 Apr 2002, Jacques Nilo wrote:

> There is something I do not understand:
> I use shorewall 1.2.10 + the two-interfaces sample
> with that setup I cannot ping the internet from the firewall.
>

Hmm - I left out the proper rule.

> So I put
> ACCEPT		fw	net	icmp	8
> in rules
> and shorewall restart
>
> Then I can ping OK from fw to net
>

Yes -- that is as it should be.

> Now I comment out this again in rules
> I shorewall restart
> I can still ping the net from fw ?
> Why ?

Probably because you are pinging the same IP address and the connection
tracking entry from the last time you pinged is still there.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net
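
Added example (not part of the original message, and not Shorewall code): shell functions that list the ICMP echo entries still present in the connection tracking table and the seconds each has left, which is the leftover state the reply above refers to. The function names and the sample table are constructed for illustration; the line layout assumed is the one printed by `conntrack -L`.

```shell
#!/bin/sh
# Constructed sample table: protocol, protocol number, seconds until
# expiry, then the original tuple followed by the reply tuple.
sample_table() {
cat <<'EOF'
icmp     1 27 src=203.0.113.10 dst=198.51.100.7 type=8 code=0 id=4321 src=198.51.100.7 dst=203.0.113.10 type=0 code=0 id=4321 mark=0 use=1
tcp      6 431999 ESTABLISHED src=192.168.1.5 dst=198.51.100.7 sport=40000 dport=80 src=198.51.100.7 dst=203.0.113.10 sport=80 dport=40000 [ASSURED] mark=0 use=1
icmp     1 3 src=203.0.113.10 dst=192.0.2.44 type=8 code=0 id=4322 [UNREPLIED] src=192.0.2.44 dst=203.0.113.10 type=0 code=0 id=4322 mark=0 use=1
EOF
}

# Read a conntrack listing on stdin and print "destination icmp-id seconds-left"
# for every tracked echo request (ICMP type 8) whose original source is $1.
tracked_pings() {
    awk -v src="$1" '
        $1 == "icmp" {
            s = d = t = id = ""
            for (i = 4; i <= NF; i++) {
                # Keep only the first src/dst/type/id: the original direction.
                if (s == "" && $i ~ /^src=/) s = substr($i, 5)
                else if (d == "" && $i ~ /^dst=/) d = substr($i, 5)
                else if (t == "" && $i ~ /^type=/) t = substr($i, 6)
                else if (id == "" && $i ~ /^id=/) id = substr($i, 4)
            }
            if (s == src && t == "8") print d, id, $3
        }'
}

# Succeed if the listing on stdin still holds an echo entry from $1 to $2.
has_tracked_ping() {
    tracked_pings "$1" | awk -v dst="$2" '$1 == dst { found = 1 } END { exit !found }'
}

# Demo on the constructed table.
sample_table | tracked_pings 203.0.113.10
```

On a live firewall the output of `conntrack -L -p icmp` can be piped into `tracked_pings` in place of the sample; `conntrack -D -p icmp` removes the ICMP entries so that a retest after `shorewall restart` starts from an empty table.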