[Firehol-support] Why this ICMP call is blocked?
Kari Lempiainen
lemppari at iki.fi
Mon Feb 23 21:15:15 GMT 2015
Hi,
I feel stupid. I have a short program which sends a "Wake On Lan" packet to
a computer in my local network. Protocol is ICMP. The sending computer is
192.168.2.8 and target is 192.168.2.5. When I run my program I get “sendto:
Operation not permitted” and the syslog tells me this:
'firehol: 'OUT-myif1':'IN= OUT=eth0 SRC=192.168.2.8 DST=192.168.2.5 LEN=122
TOS=0x00 PREC=0x00 TTL=64 ID=52172 DF PROTO=ICMP TYPE=255 CODE=255
In my firehol.conf file I have:
interface eth0 myif1 src "192.168.2.0/24" dst 192.168.2.8
policy drop
[lines removed]
client all accept
Why the packet is dropped? Doesn’t "client all accept” mean that
192.168.2.8 can send anything?
Kari
More information about the Firehol-support
mailing list