On Tue, 2004-10-12 at 21:42, Alexander Dalloz wrote:
> > -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
>
> You drop all other ICMP types other than echo (=8). That is bad. ICMP is
> an important protocol and blocking specific types will break things! If
> you don't know for sure why you block a specific ICMP type then just
> don't. You gain no security.

So I guess I should change this line with:

-A INPUT -p icmp -j ACCEPT

Is this OK?

> > Oct 12 21:18:52 kalimotxo kernel: Bad packet from eth0:IN=eth0 OUT=
> > MAC=00:50:8d:e3:19:cb:00:90:d0:bc:56:db:08:00 SRC=62.48.113.158
> > DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=118 ID=21077 PROTO=TCP
> > SPT=4662 DPT=36569 WINDOW=0 RES=0x00 ACK RST URGP=0
> >
> > I think these are acknowledge packets, and they should be accepted (BTW,
> > 4662 is my TCP port for amule). Why are they not accepted by the above
> > rules (state ESTABLISHED) and how can I accept these dropped packets?
>
> What tells you that these are ESTABLISHED (or RELATED) connections? If
> they would be, then they would not go to the LOGDROP chain. If running a
> P2P client such connection attempts are pretty normal. This is how P2P
> works.

If these are ACK packets, I assume that they are a response to a previously
established communication. How can I let these packets come into my system?

Juan

--
Please avoid sending me Word or PowerPoint attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html
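Added example, not part of the original message: a small Python parser for the netfilter LOG line quoted above, reporting which TCP flags are set and which end of the connection each port belongs to. The function names and the classification labels are assumptions made for illustration; the sample is the line from the message, joined onto one line.

```python
import re

# Constructed sample: the logged line quoted in the message, on one line.
SAMPLE = (
    "Oct 12 21:18:52 kalimotxo kernel: Bad packet from eth0:IN=eth0 OUT= "
    "MAC=00:50:8d:e3:19:cb:00:90:d0:bc:56:db:08:00 SRC=62.48.113.158 "
    "DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=118 ID=21077 PROTO=TCP "
    "SPT=4662 DPT=36569 WINDOW=0 RES=0x00 ACK RST URGP=0"
)
TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}


def parse_log_line(line):
    """Return (log prefix, KEY=value fields, bare TCP flag tokens)."""
    _, sep, body = line.partition("kernel: ")
    # The rule's log prefix runs up to the first IN= field.
    start = re.search(r"\bIN=", body) if sep else None
    if start is None:
        raise ValueError("not a netfilter LOG line")
    fields, flags = {}, []
    for token in body[start.start():].split():
        key, eq, value = token.partition("=")
        if eq:
            fields[key] = value
        elif token in TCP_FLAGS:
            flags.append(token)
    return body[:start.start()].strip(), fields, flags


def describe(line):
    """Summarise an inbound logged packet (labels are hypothetical)."""
    prefix, f, flags = parse_log_line(line)
    if f.get("PROTO") != "TCP":
        kind = "non-tcp"
    elif "RST" in flags:
        kind = "reset"            # aborts or refuses a connection
    elif "SYN" in flags:
        kind = "syn-ack" if "ACK" in flags else "new-connection"
    elif "FIN" in flags:
        kind = "close"
    else:
        kind = "mid-stream"
    # The packet arrived on IN=, so SRC/SPT is the remote end, DST/DPT local.
    return {
        "prefix": prefix,
        "kind": kind,
        "flags": flags,
        "remote": f"{f.get('SRC')}:{f.get('SPT')}",
        "local": f"{f.get('DST')}:{f.get('DPT')}",
    }
```

Calling `describe(SAMPLE)` reports the packet as a reset with the ACK and RST flags set, coming from remote port 4662 to local port 36569.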