thr3ads.net - Shorewall users - Ping Requests issue [May 2005]

If this information is useful, please help other people find it:
Share via:

Sivamurugu K. Pillai

2005-May-05 11:48 UTC

Ping Requests issue

Tom,

	I use shorewall 2.2.3 with four network interfaces comprising of three zones. 
I am able to ping some servers from the internet(net-zone) and not others. 

I do not want to allow ping by default from internet. I have not copied the
files action.drop
and action.reject into /etc/shorewall. Nor I have a AllowPing rule in rules
file.

The policy file is pasted below.

#SOURCE		DEST		POLICY		LOG LEVEL	LIMIT:BURST
#loc		net		ACCEPT
net		all		DROP		info
dmz0		net		ACCEPT		info
dmz1		net		ACCEPT		info
fw 		net 		ACCEPT		info
fw 		dmz0		ACCEPT		info
fw		dmz1		ACCEPT		info
dmz0		fw		ACCEPT		info
dmz1		fw		ACCEPT		info
dmz0		dmz1		ACCEPT		info
all		all		REJECT		info

Just thought you could enlighten

Thanks

Siva



            


This email contains Indscape Softech Pvt Ltd.''s confidential
information.
No confidentiality is waived or lost by any mistransmission. 
Indscape Softech Pvt Ltd.,reserves the right to monitor all e-mail
communications
through its network.

Tom Eastep

2005-May-05 13:50 UTC

head link

Re: Ping Requests issue

Sivamurugu K. Pillai wrote:> Tom,
> 
> 	I use shorewall 2.2.3 with four network interfaces comprising of three
zones.
> I am able to ping some servers from the internet(net-zone) and not others. 
> 
> I do not want to allow ping by default from internet. I have not copied the
files action.drop
> and action.reject into /etc/shorewall. Nor I have a AllowPing rule in rules
file.
> 
> The policy file is pasted below.
> 
> #SOURCE		DEST		POLICY		LOG LEVEL	LIMIT:BURST
> #loc		net		ACCEPT
> net		all		DROP		info
> dmz0		net		ACCEPT		info
> dmz1		net		ACCEPT		info
> fw 		net 		ACCEPT		info
> fw 		dmz0		ACCEPT		info
> fw		dmz1		ACCEPT		info
> dmz0		fw		ACCEPT		info
> dmz1		fw		ACCEPT		info
> dmz0		dmz1		ACCEPT		info
> all		all		REJECT		info
> 
> Just thought you could enlighten
> 
With only the above information, you actually think I can tell you
anything???

Unbelievable...

-Tom

HINT: http://shorewall.net/support.htm#Guidelines
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Reasonably Related Threads

Search for more reasonably related threads

Shorewall users - May 2005 - Ping Requests issue

Ping Requests issue

Re: Ping Requests issue

Reasonably Related Threads