[Firehol-support] Why this ICMP call is blocked?

Tsaousis, Costa costa at tsaousis.gr
Mon Feb 23 22:32:35 GMT 2015


Hi Kari,

To my understanding the iptables connection tracker does not see this
as a NEW connection.
FireHOL trusts the iptables connection tracker...

Which program do you use to send this wake on lan packet? I'll try to
reproduce it and check what happens...

Costa



On Mon, Feb 23, 2015 at 11:15 PM, Kari Lempiainen <lemppari at iki.fi> wrote:
> Hi,
>
>
> I feel stupid. I have a short program which sends a "Wake On Lan" packet to
> a computer in my local network. Protocol is ICMP. The sending computer is
> 192.168.2.8 and target is 192.168.2.5. When I run my program I get “sendto:
> Operation not permitted” and the syslog tells me this:
>
> 'firehol: 'OUT-myif1':'IN= OUT=eth0 SRC=192.168.2.8 DST=192.168.2.5 LEN=122
> TOS=0x00 PREC=0x00 TTL=64 ID=52172 DF PROTO=ICMP TYPE=255 CODE=255
>
>
> In my firehol.conf file I have:
>
> interface eth0 myif1 src "192.168.2.0/24" dst 192.168.2.8
>
> policy drop
>
> [lines removed]
>
> client all accept
>
>
> Why is the packet dropped? Doesn't "client all accept" mean that
> 192.168.2.8 can send anything?
>
>
> Kari
> _______________________________________________
> Firehol-support mailing list
> Firehol-support at lists.firehol.org
> http://lists.firehol.org/mailman/listinfo/firehol-support
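
Added example, not part of the original thread or of FireHOL: a small classifier showing why the logged packet cannot match a stateful "accept" rule. It assumes the Linux ICMP connection tracker's behaviour (only request types 8, 13, 15 and 17 may start a flow, and types above 18 are rejected); the function names are hypothetical.

```python
import re

# ICMP types that Linux conntrack accepts as the first packet of a flow
# (echo, timestamp, information and address-mask requests). Assumption:
# this mirrors the kernel's ICMP tracker, it is not FireHOL code.
ICMP_NEW_TYPES = {8, 13, 15, 17}
# Replies only match a flow whose request was already tracked.
ICMP_REPLY_TYPES = {0, 14, 16, 18}
# Errors are RELATED only when they quote a tracked connection.
ICMP_ERROR_TYPES = {3, 4, 5, 11, 12}
NR_ICMP_TYPES = 18  # highest ICMP type the kernel defines

# Log line from the post, joined onto one line.
SAMPLE = ("firehol: 'OUT-myif1':'IN= OUT=eth0 SRC=192.168.2.8 "
          "DST=192.168.2.5 LEN=122 TOS=0x00 PREC=0x00 TTL=64 ID=52172 "
          "DF PROTO=ICMP TYPE=255 CODE=255")


def parse_fields(line):
    """Return the KEY=VALUE fields of an iptables LOG line as a dict."""
    return dict(re.findall(r"\b([A-Z]+)=(\S*)", line))


def conntrack_verdict(line):
    """Name the best conntrack state a logged ICMP packet can reach."""
    fields = parse_fields(line)
    if fields.get("PROTO") != "ICMP" or "TYPE" not in fields:
        return "not-icmp"
    icmp_type = int(fields["TYPE"])
    if icmp_type > NR_ICMP_TYPES:
        return "INVALID"           # unknown type, never tracked
    if icmp_type in ICMP_NEW_TYPES:
        return "NEW"               # a stateful client rule can match
    if icmp_type in ICMP_REPLY_TYPES:
        return "ESTABLISHED-only"  # needs a tracked request first
    if icmp_type in ICMP_ERROR_TYPES:
        return "RELATED-only"      # needs a tracked connection it quotes
    return "INVALID"


if __name__ == "__main__":
    print(conntrack_verdict(SAMPLE))
```

The TYPE=255 packet from the log classifies as INVALID, so a rule that accepts only NEW and ESTABLISHED traffic never sees it and the interface policy applies.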


