Alexandru Dragoi wrote:
This works fine for UDP and TCP, but my outgoing ICMP packets never match
the rule. I understand why incoming ICMP should fail to match, but why are
outgoing packets missing the filter?
I think this is because icmp packets are just generated and sent away by
some part of the kernel after it received a syscall from a program with
uid 0 (only root can use icmp).
Oh, of course! *slaps head*
Ping was running as setuid root. I feel silly now, thanks for pointing
that out. :)
--
Jay L.T. Cornwall, http://www.esuna.co.uk/~jay/
PhD Student
Imperial College London