First off, I KNOW that this firewall is receiving ICMP redirect messages all the time from my DSL router. This is because they are valid, and I don''t want to hardcode the routes that the DSL router send to the other firewall. And I don''t want to rely on a routing protocol on the public net. Anyway: Jan 8 15:24:27 dectop3 kernel: Redirect from 208.83.67.129 on eth0 about 208.83.67.131 ignored. Jan 8 15:24:27 dectop3 kernel: Advised path = 208.83.67.130 -> 208.83.67.156 So I turn info on for default-policy, and now I have to get this. I WANT the kernel to act on the redirect, and not be annoyed with logs about it. I need an ICMP specific on REDIRECT? ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It''s the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
Robert Moskowitz wrote:> First off, I KNOW that this firewall is receiving ICMP redirect messages > all the time from my DSL router. This is because they are valid, and I > don''t want to hardcode the routes that the DSL router send to the other > firewall. And I don''t want to rely on a routing protocol on the public > net. > > Anyway: > > Jan 8 15:24:27 dectop3 kernel: Redirect from 208.83.67.129 on eth0 > about 208.83.67.131 ignored. > Jan 8 15:24:27 dectop3 kernel: Advised path = 208.83.67.130 -> > 208.83.67.156 > > So I turn info on for default-policy, and now I have to get this. I > WANT the kernel to act on the redirect, and not be annoyed with logs > about it. I need an ICMP specific on REDIRECT?You turned on ''log_martians'' even though your problem had nothing to do with that option and now you are complaining about the effect? The warning about the blacklist entries being ignored was caused by the absence of the ''blacklist'' option. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It''s the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
Tom Eastep wrote:> > You turned on ''log_martians'' even though your problem had nothing to do > with that option and now you are complaining about the effect? >Make that ''logmartians'' -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It''s the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace