[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netfilter-devel
Subject:    Re: strange behaviour - ICMP filtering
From:       Harald Welte <laforge () gnumonks ! org>
Date:       2001-06-24 19:21:10
[Download RAW message or body]

On Fri, Jun 22, 2001 at 06:02:53PM +0200, martin.pala@telecom.cz wrote:
> Hello,
> 
> i've tried to filter all ICMP packets and i saw strange behaviour, when using 
> following command:
> 
> iptables -A INPUT -p icmp -m icmp -i eth+ -j LOG
> 
> After issuing this command, netfilter logs only icmp "type 0" and logs are
> free of any other icmp type then 0. iptables -L -n shows the following:

strange. Maybe related to the doubly-specified "-p icmp -m icmp" thing.

Please try what happens when you only use the documented "-p icmp".

Thanks.

> I think, that it would be useful to change netfilter behaviour so, that if 
> iptables command is issued without specifyng any icmp type, the resulting
> rule should cover all icmp types (instead of type 0 by default).

of course, this is the desired behaviour, and this is how  I know it to 
work.

If it is some particular problem because you specify the icmp twice, I will
put it on the todo list. Either we have to print an error or silently 
ignore the second time.

(-p does a 'hidden' -m)

> Best regards,
> Martin Pala

-- 
Live long and prosper
- Harald Welte / laforge@gnumonks.org               http://www.gnumonks.org/
============================================================================
GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M- 
V-- PS+ PE-- Y+ PGP++ t++ 5-- !X !R tv-- b+++ DI? !D G+ e* h+ r% y+(*)

[prev in list] [next in list] [prev in thread] [next in thread]