[Shorewall-users] /proc/sys/net/ipv4/icmp_echo_ignore_all

Tom Eastep teastep at shorewall.net
Sun Dec 7 13:49:03 PST 2003

On Sun, 7 Dec 2003, Jimi Frechette wrote:

> Hi, I've posted about my problem that I couldn't ping my linux whatever
> my shorewall config was. In fact my file
> /proc/sys/net/ipv4/icmp_echo_ignore_all had a 1 into it. Is it a
> shorewall bug to let it filled even if my policy accepts all even icmp ?

No -- Shorewall doesn't touch that flag one way or the other; same with 
most flags in /proc/sys/net/ipv4.

It seems pretty silly for Shorewall to provide redundant config variables 
for those; just set them the way you want in /etc/shorewall/start.

Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net

More information about the Shorewall-users mailing list