RELATED ICMP packets of type 3
Jason Opperisano
opie at 817west.com
Fri Feb 11 16:49:55 CET 2005
On Fri, Feb 11, 2005 at 04:41:19PM +0100, Victor Julien wrote:
> > yes. personally (for whatever that is worth), i allow ICMP Types 3, 11,
> > and 12 [*].
>
> Will these all be accepted by the accepting all RELATED packets? Or do i need
> extra rules to allow them?
in theory--they are RELATED. in practice, i allow them explicitly.
looking at one of my firewalls, it appears as though there are ICMP Type
3 packets that get past the RELATED rule and hit the explicit allow rule,
but the counters for the explicit allow for types 11 and 12 are at 0.
-j
--
"Me lose brain? Uh, oh! Ha ha ha! Why I laugh?"
--The Simpsons
More information about the netfilter
mailing list