[Shorewall-users] Three way ICMP ?

Bill.Light at kp.org Bill.Light at kp.org
Tue Dec 2 13:57:09 PST 2003


On Tue, 2003-12-02 at 12:47, Tom Eastep wrote:

> 
> You can eliminate these annoying messages by adding this to your
> /etc/shorewall/start file:
> 
> run_iptables -I OUTPUT 3 -p icmp -j ACCEPT
> 

Or, more conventionally, by adding this rule:

                 ACCEPT          $FW             net             icmp

-Tom

=========================================

Done - We'll see what happens...

Thanks for the quick response!

Also - apparently I added to the "New Actions" thread and it got lost....

To add my 2 cents....The comment on the same line of a blacklist entry 
would be nice...i.e the IP address and what they did (or why I put it 
there)...

example - something like:

123.45.67.89    ; This joker keeps trying the old senmail exploit 
23-Nov-2003

Versus...

# This next joker keeps trying the old sendmail exploit  23-Nov-2003
123.45.67.89

I know it's a nit....and certainly no showstopper.

- Bill


More information about the Shorewall-users mailing list