Carlos E. R. wrote:
On 2023-04-28 19:19, Per Jessen wrote:
Carlos E. R. wrote:
The issue is - if it is a default, it is in the migration script and that would be weird.
Try running "iptables --list -n" and maybe grep for 'icmp'
I see I forgot to mention that I run the query in a computer that is still running SuSEfirewall2.
I did expect that, otherwise it would have been useless :-)
Telcontar:~ # iptables --list -n | grep -i icmp ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED REJECT all -- 0.0.0.0/0 0.0.0.0/0 owner GID match 1011 reject-with icmp-port-unreachable
That is an odd one, I don't think I have ever seen anything like that.
I think I remember where that one may come from, but I do not remember it was icmp.
No, it's for all protocols, the grep hits on on the reject-with reason.
This was used on acroread. That program run with that GID, and thus had it network connections denied. No talking back home.
Weird sh**t .... :-) [snip]
.5 was oldrouter.valinor .6 is one of the switches, don't know which. .29 I don't remember, it is not in the DNS, but seeing the syslog reference it had to be a router or access point. Not active anymore.
It is beginning to sound like you have a lot of old baggage to get rid of.
That is more stuff that you have added. It looks to me as if you accept type 4 (weird, "source quench?" ) type 8 (ping request)
See above. I just wrote a plain normal SuSEfirewall option.
Oh sure, I understand that, but it is nonetheless why you have ended up with something utterly unmaintainable. In my opinion, of course. -- Per Jessen, Zürich (13.2°C) Member, openSUSE Heroes (2016 - present) We're hiring - https://en.opensuse.org/openSUSE:Heroes