From: Donovan B. <ab...@mi...> - 2003-03-30 04:35:59
|
On Sun, 2003-03-30 at 01:21, Tom Eastep wrote: > On 30 Mar 2003, Donovan Baarda wrote: > > > G'day, > > > > Just forwarding this rather detailed Debian bug report I submitted. > > > > > > Quick workaround is to put the following in /etc/shorewall/start: > > run_iptables -I OUTPUT -p icmp --icmp-type time-exceeded -j ACCEPT Thanks for the workaround. I'd forgotten you could do this kind of thing. It works nicely and integrates cleanly with the existing shorewall rules. In my searches, I was kind of amazed that there didn't seem to be many people who had noticed this, and those who had didn't seem to firmly identify the problem, let alone offer a solution. There was nothing in the shorewall FAQ about it. Is this an iptables or kernel bug, is it a shorewall bug, or is it just a feature? Is anyone working on a fix? -- ---------------------------------------------------------------------- ABO: finger ab...@mi... for more info, including pgp key ---------------------------------------------------------------------- |