On 03.03.2010 18:41, Pascal Hambourg wrote:
> Christoph Anton Mitterer wrote:
>> if I block it completely (except echo-request) I also don't get any
>> ICMP error messages,
>
> No, valid ICMP error messages have the ESTABLISHED state.

http://www.frozentux.net/iptables-tutorial/iptables-tutorial.html#ICMPCONNECTIONS
and the man page say different. They don't talk about an icmp error message as a reply to an icmp message, but just guessing, where's the difference? Why should netfilter suddenly switch to ESTABLISHED for an icmp error reply?

Best regards

Mart