> I would allow the firewall to send ICMP messages through its OUTPUT
> chain, and if it can generate any connections from itself, then you
> should allow them in through the INPUT chain as well, however you say
> you do not allow outgoing connections (not even DNS??), so this may
> not be needed.

The Fedora box doesn't do DNS or anything. Its sole purpose is a packet forwarding router that doesn't allow any input or output, just forwards. Currently it only forwards SSH packets. I may add other forwarding later but the idea is the same still, no direct incoming/outgoing connections to it, just forwards. That is why I'm not sure if I need ICMP supported on it or not, and not sure where to add the ICMP support (input, output, forward).