Hi everyone, hope this is the right place (is it, Marc?). I just downloaded SuSEFirewall2 to give it a try. Seems to work great, no serious problems found. One thing annoys me: I did set ping_ext (dont konw the exact name right now) to yes. So ping to the internet should be allowed. But I dont get anything back, not even DENYs in the log. Christian -- we reject: kings, presidents, religions we accept: working code
Hi Christian, i've got the same problem. The reason is, that the ICMP-packets got a "bad checksum"-Flag, when arriving the SUSEFW-ACCEPT-PINGIN, so there is no answer and the icmp-request goes to the DROP-ICMPIN. i wrote an email about that to marc. he wants me to remove the rules which includes $IPTABLES -A $i -j TOS with "-p icmp" . Ok, if you removed that kind of rules, PING works fine. But i'm not sure about the security without those special icmp-rules.... I'll wait for a comment of someone, who knows more details - maybe Marc ;-) Norbert
participants (2)
-
Christian Lox -
Norbert Rautenberg