On Thu, Nov 14, 2002 at 03:47:18PM -0600, Darrell F. Dieringer wrote:
>
> Anyone please feel free to correct me if I'm wrong, but I think your
> original rules would work fine if your "ESTABLISHED" rule was changed
> to "ESTABLISHED,RELATED". Perhaps the "NEW,ESTABLISHED" rule should
> also say "NEW,ESTABLISHED,RELATED" as well.
>
> If your internal machine issues an "echo request", the "echo reply"
> will be a "RELATED" packet. (I'd use icmp type numbers, but I don't
> know them off the top of my head.)

/usr/include/netinet/ip_icmp.h is always handy for this kind of thing (8 and 0 respectively).

-- 
FunkyJesus System Administration Team