I am using shorewall 3.0.4 on a computer running Debian Testing.
/etc/shorewall/rules contains the following two statements:

    Ping/DROP net $FW
    ACCEPT $FW net icmp

I am using Shields UP! at www.grc.com to test my firewall, and
Shields UP! indicates that the challenge to port 113 is being denied
instead of dropped.

Why is Shorewall not dropping the packet?

- Harold

-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642

On Monday 13 February 2006 20:10, Harold Crouch wrote:
> I am using shorewall 3.0.4 on a computer running Debian Testing.
> /etc/shorewall/rules contains the following two statements:
>
>     Ping/DROP net $FW
>     ACCEPT $FW net icmp
>
> I am using Shields UP! at www.grc.com to test my firewall, and
> Shields UP! indicates that the challenge to port 113 is being denied
> instead of dropped.
>
> Why is Shorewall not dropping the packet?

Why didn't you read the FAQs before posting this question? The answer is
there...

-Tom
--
Tom Eastep       \ Nothing is foolproof to a sufficiently talented fool
Shoreline,       \ http://shorewall.net
Washington USA   \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

> On Monday 13 February 2006 20:10, Harold Crouch wrote:
>> I am using shorewall 3.0.4 on a computer running Debian Testing.
>> /etc/shorewall/rules contains the following two statements:
>>
>>     Ping/DROP net $FW
>>     ACCEPT $FW net icmp
>>
>> I am using Shields UP! at www.grc.com to test my firewall, and
>> Shields UP! indicates that the challenge to port 113 is being
>> denied instead of dropped.
>>
>> Why is Shorewall not dropping the packet?

----------------------------------------------------------------------

> Why didn't you read the FAQs before posting this question? The
> answer is there...
>
> -Tom

----------------------------------------------------------------------

Prior to posting that question, I did a Google search, found
http://www.shorewall.net/ping.html and paid particular attention to
Example 2: Silently drop pings from the Internet. The example said to
open /etc/shorewall/rules and add the statement

    Ping/DROP net $FW

So I did.
And Shorewall didn't.

I then found the Shorewall FAQ and saw only one reference to ping:
"(FAQ 5) I've installed Shorewall and now I can't ping through the
firewall" That wasn't what I was looking for, but next to it was a
link to a page called ICMP Echo-request (Ping), and that page gave
me the exact same instructions as I had found with Google.

So what part of the FAQs do you expect me to be looking at?

- Harold

Harold Crouch wrote:
>> On Monday 13 February 2006 20:10, Harold Crouch wrote:
>>
>>> I am using shorewall 3.0.4 on a computer running Debian Testing.
>>> /etc/shorewall/rules contains the following two statements:
>>>
>>>     Ping/DROP net $FW
>>>     ACCEPT $FW net icmp
>>>
>>> I am using Shields UP! at www.grc.com to test my firewall, and
>>> Shields UP! indicates that the challenge to port 113 is being
>>> denied instead of dropped.
>>>
>>> Why is Shorewall not dropping the packet?
>
> ----------------------------------------------------------------------
>
>> Why didn't you read the FAQs before posting this question? The
>> answer is there...
>>
>> -Tom
>
> ----------------------------------------------------------------------
>
> Prior to posting that question, I did a Google search, found
> http://www.shorewall.net/ping.html and paid particular attention to
> Example 2: Silently drop pings from the Internet. The example said
> to open /etc/shorewall/rules and add the statement
>
>     Ping/DROP net $FW
>
> So I did.
> And Shorewall didn't.
>
> I then found the Shorewall FAQ and saw only one reference to ping:
> "(FAQ 5) I've installed Shorewall and now I can't ping through the
> firewall" That wasn't what I was looking for, but next to it was a
> link to a page called ICMP Echo-request (Ping), and that page gave
> me the exact same instructions as I had found with Google.
>
> So what part of the FAQs do you expect me to be looking at?
>
> - Harold
>

The part about "open ports" (faq 4)...

Jerry

> The part about "open ports" (faq 4)...
>
> Jerry

Thanks,

- Harold