teastep at shorewall.net
Sun Dec 7 13:49:03 PST 2003
On Sun, 7 Dec 2003, Jimi Frechette wrote:
> Hi, I've posted about my problem that I couldn't ping my linux whatever
> my shorewall config was. In fact my file
> /proc/sys/net/ipv4/icmp_echo_ignore_all had a 1 into it. Is it a
> shorewall bug to let it filled even if my policy accepts all even icmp ?
No -- Shorewall doesn't touch that flag one way or the other; same with
most flags in /proc/sys/net/ipv4.
It seems pretty silly for Shorewall to provide redundant config variables
for those; just set them the way you want in /etc/shorewall/start.
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep at shorewall.net
More information about the Shorewall-users