[7.901][BUG][OPEN] Pingv6 through astaro though any dropped

I have ICMP and Ping/Traceroute through the firewall enabled, but have a rule Any -> Internal -> Drop.

But my desktop can be pinged with its v6 address from the outside - I don't think that should be possible.

Parents

0 barkas over 15 years ago

Should not the Any via any -> internal rule drop ping as well?

Because having all ping or no ping is not really a nice alternative - I want to ping out but not ping in.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 barkas over 15 years ago

Should not the Any via any -> internal rule drop ping as well?

Because having all ping or no ping is not really a nice alternative - I want to ping out but not ping in.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 Ölm over 15 years ago in reply to barkas

Should not the Any via any -> internal rule drop ping as well?

no, this behaviour is the same in V8 as it was in V7 and before
The settings in the "icmp settings" are located in the "Auto" chains of iptable, and the "manual" packetfilter rules are located in the USR-chains, which are always applied AFTER the AUTO chains

Because having all ping or no ping is not really a nice alternative - I want to ping out but not ping in.

like in V7, you should be able to selectively allow ICMP from inside to outside but not vice versa by doing it like this:
- do NOT check the "firewall forwards ping" check box
- create a packetfilter rule for the ICMPs which you want to pass

that should do the job
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel