[Firehol-support] Why this ICMP call is blocked?

Tsaousis, Costa costa at tsaousis.gr
Mon Feb 23 22:32:35 GMT 2015

Hi Kari,

To my understanding the iptables connection tracker does not see this
as a NEW connection.
FireHOL trusts the iptables connection tracker...

Which program do you use to send this wake on lan packet? I'll try to
reproduce it and check what happens...


On Mon, Feb 23, 2015 at 11:15 PM, Kari Lempiainen <lemppari at iki.fi> wrote:
> Hi,
> I feel stupid. I have a short program which sends a "Wake On Lan" packet to
> a computer in my local network. Protocol is ICMP. The sending computer is
> and target is When I run my program I get “sendto:
> Operation not permitted” and the syslog tells me this:
> 'firehol: 'OUT-myif1':'IN= OUT=eth0 SRC= DST= LEN=122
> TOS=0x00 PREC=0x00 TTL=64 ID=52172 DF PROTO=ICMP TYPE=255 CODE=255
> In my firehol.conf file I have:
> interface eth0 myif1 src "" dst
> policy drop
> [lines removed]
> client all accept
> Why the packet is dropped? Doesn’t "client all accept” mean that
> can send anything?
> Kari
> _______________________________________________
> Firehol-support mailing list
> Firehol-support at lists.firehol.org
> http://lists.firehol.org/mailman/listinfo/firehol-support

More information about the Firehol-support mailing list