[Firehol-support] Why this ICMP call is blocked?

Kari Lempiainen lemppari at iki.fi
Tue Feb 24 08:41:18 CET 2015


Hi Costa,

Thanks for help! I'm using a short self-coded program. You can find the
source here: https://dl.dropboxusercontent.com/u/13407959/wake.c. You need
to change the target MAC address and ip-name (target variable) to run it
correctly, but you should get the error running it as it is.

Kari

On 24 February 2015 at 00:32, Tsaousis, Costa <costa at tsaousis.gr> wrote:

> Hi Kari,
>
> To my understanding the iptables connection tracker does not see this
> as a NEW connection.
> FireHOL trusts the iptables connection tracker...
>
> Which program do you use to send this wake on lan packet? I'll try to
> reproduce it and check what happens...
>
> Costa
>
>
>
> On Mon, Feb 23, 2015 at 11:15 PM, Kari Lempiainen <lemppari at iki.fi> wrote:
> > Hi,
> >
> >
> > I feel stupid. I have a short program which sends a "Wake On Lan" packet to
> > a computer in my local network. Protocol is ICMP. The sending computer is
> > 192.168.2.8 and target is 192.168.2.5. When I run my program I get
> > "sendto: Operation not permitted" and the syslog tells me this:
> >
> > 'firehol: 'OUT-myif1':'IN= OUT=eth0 SRC=192.168.2.8 DST=192.168.2.5 LEN=122 TOS=0x00 PREC=0x00 TTL=64 ID=52172 DF PROTO=ICMP TYPE=255 CODE=255
> >
> >
> > In my firehol.conf file I have:
> >
> > interface eth0 myif1 src "192.168.2.0/24" dst 192.168.2.8
> >
> > policy drop
> >
> > [lines removed]
> >
> > client all accept
> >
> >
> > Why is the packet dropped? Doesn't "client all accept" mean that
> > 192.168.2.8 can send anything?
> >
> >
> > Kari
> > _______________________________________________
> > Firehol-support mailing list
> > Firehol-support at lists.firehol.org
> > http://lists.firehol.org/mailman/listinfo/firehol-support


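Costa's point about the connection tracker can be checked against the log line quoted in the thread. This is an added example, not code from the thread or from FireHOL: the set of ICMP types that may open a conntrack entry is taken from the Linux kernel's ICMP tracker, and the function names are hypothetical.

```python
import re

# ICMP request types for which Linux conntrack will create a NEW entry
# (assumption from the kernel's ICMP tracker, not stated in the thread).
NEW_CAPABLE = {8: "echo-request", 13: "timestamp-request",
               15: "info-request", 17: "address-mask-request"}
# ICMP error types: conntrack can at best mark these RELATED to a known flow.
ERROR_TYPES = {3, 4, 5, 11, 12}

# Log line from the thread, with the e-mail line wrapping undone.
SAMPLE = ("'firehol: 'OUT-myif1':'IN= OUT=eth0 SRC=192.168.2.8 "
          "DST=192.168.2.5 LEN=122 TOS=0x00 PREC=0x00 TTL=64 ID=52172 DF "
          "PROTO=ICMP TYPE=255 CODE=255")


def parse_log(line):
    """Return the KEY=value fields of an iptables LOG line as a dict."""
    return dict(re.findall(r"\b([A-Z]+)=(\S*)", line))


def direction(fields):
    """Empty IN= with OUT= set means the packet was generated locally."""
    if not fields.get("IN") and fields.get("OUT"):
        return "local-output"
    if fields.get("IN") and not fields.get("OUT"):
        return "local-input"
    return "forwarded"


def conntrack_verdict(fields):
    """Say whether conntrack could ever give this packet state NEW."""
    if fields.get("PROTO") != "ICMP":
        return "not-icmp"
    icmp_type = int(fields["TYPE"])
    if icmp_type in NEW_CAPABLE:
        return "can-be-NEW"
    if icmp_type in ERROR_TYPES:
        return "RELATED-only"
    return "never-NEW"  # replies and unassigned types such as 255


if __name__ == "__main__":
    f = parse_log(SAMPLE)
    print(direction(f), "ICMP type", f["TYPE"], "->", conntrack_verdict(f))
```

A packet that can never be NEW will not match a rule that accepts only NEW and ESTABLISHED traffic, so it falls through to the interface's `policy drop` and is logged.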