shorewall-doc-4.0.15-0.2mdvmes5.noarch.rpm

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>ICMP Echo-request (Ping)</title><link rel="stylesheet" href="html.css" type="text/css" /><meta name="generator" content="DocBook XSL Stylesheets V1.73.2" /></head><body><div class="article" lang="en" xml:lang="en"><div class="titlepage"><div><div><h2 class="title"><a id="id257523"></a>ICMP Echo-request (Ping)</h2></div><div><div class="authorgroup"><div class="author"><h3 class="author"><span class="firstname">Tom</span> <span class="surname">Eastep</span></h3></div></div></div><div><p class="copyright">Copyright © 2001-2005 Thomas M. Eastep</p></div><div><div class="legalnotice"><a id="id292632"></a><p>Permission is granted to copy, distribute and/or modify this
      document under the terms of the GNU Free Documentation License, Version
      1.2 or any later version published by the Free Software Foundation; with
      no Invariant Sections, with no Front-Cover, and with no Back-Cover
      Texts. A copy of the license is included in the section entitled
      “<span class="quote"><a class="ulink" href="GnuCopyright.htm" target="_self">GNU Free Documentation
      License</a></span>”.</p></div></div><div><p class="pubdate">2008/12/15</p></div></div><hr /></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="section"><a href="#Ping">'Ping' Management</a></span></dt></dl></div><div class="caution" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Caution</h3><p><span class="bold"><strong>This article applies to Shorewall 3.0 and
    later. If you are running a version of Shorewall earlier than Shorewall
    3.0.0 then please see the documentation for that
    release.</strong></span></p></div><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Enabling “<span class="quote">ping</span>” will also enable ICMP-based
    <span class="emphasis"><em>traceroute</em></span>. For UDP-based traceroute, see the <a class="ulink" href="ports.htm" target="_self">port information page</a>.</p></div><div class="section" lang="en" xml:lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="Ping"></a>'Ping' Management</h2></div></div></div><p>In Shorewall, ICMP echo-requests are treated just like any other
    connection request.</p><p>In order to accept ping requests from zone z1 to zone z2 where the
    policy for z1 to z2 is not ACCEPT, you need a rule in
    <code class="filename">/etc/shorewall/rules</code> of the form:</p><pre class="programlisting">#ACTION      SOURCE    DEST     PROTO    DEST PORT(S)
Ping/ACCEPT    z1        z2</pre><div class="example"><a id="Example1"></a><p class="title"><b>Example 1. Ping from local zone to firewall</b></p><div class="example-contents"><p>To permit ping from the local zone to the firewall:</p><pre class="programlisting">#ACTION      SOURCE    DEST     PROTO    DEST PORT(S)
Ping/ACCEPT   loc      $FW</pre></div></div><br class="example-break" /><p>If you would like to accept “<span class="quote">ping</span>” by default even when
    the relevant policy is DROP or REJECT, copy
    <code class="filename">/usr/share/shorewall/action.Drop</code> or
    <code class="filename">/usr/share/shorewall/action.Reject</code> respectively to
    <code class="filename">/etc/shorewall</code> and simply add this
    line to the copy:</p><pre class="programlisting">Ping/ACCEPT</pre><p>With that rule in place, if you want to ignore “<span class="quote">ping</span>”
    from z1 to z2 then you need a rule of the form:</p><pre class="programlisting">#ACTION      SOURCE    DEST     PROTO    DEST PORT(S)
Ping/DROP     z1        z2</pre><div class="example"><a id="Example2"></a><p class="title"><b>Example 2. Silently drop pings from the Internet</b></p><div class="example-contents"><p>To drop ping from the Internet, you would need this rule in
      <code class="filename">/etc/shorewall/rules</code>:</p><pre class="programlisting">#ACTION    SOURCE    DEST     PROTO    DEST PORT(S)
Ping/DROP  net       $FW</pre></div></div><br class="example-break" /><p>Note that the above rule may be used without changing the action
    files to prevent your log from being flooded by messages generated from
    remote pinging.</p></div></div></body></html>
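As an added illustration of the ordering the article describes (this is not part of the original Shorewall documentation), the following Python script models how Shorewall decides whether an echo-request from one zone to another is accepted, dropped or rejected: a matching Ping/* rule wins first, otherwise the zone-pair policy applies, and a DROP or REJECT policy accepts ping only if "Ping/ACCEPT" was added to the local copy of action.Drop or action.Reject. The sample rules, policies, action-file contents and the "all" wildcard handling are constructed assumptions for the example.

```python
# Added model of the decision this page describes: a Ping/* rule in
# /etc/shorewall/rules is checked first (first match wins); otherwise the
# zone-pair policy applies, and a DROP/REJECT policy accepts ping only if
# "Ping/ACCEPT" was added to the local copy of action.Drop / action.Reject.

# Constructed sample rules file in the column layout shown on the page.
RULES_TEXT = """\
#ACTION      SOURCE    DEST     PROTO    DEST PORT(S)
Ping/DROP     net       $FW
Ping/ACCEPT   loc       $FW
"""
# Constructed sample policies as (SOURCE, DEST, POLICY); "all" is a wildcard.
POLICIES = [("loc", "net", "ACCEPT"), ("net", "all", "DROP"), ("all", "all", "REJECT")]
# Constructed contents of the /etc/shorewall copies of action.Drop and
# action.Reject: only the Drop copy has had "Ping/ACCEPT" added.
ACTION_FILES = {"DROP": "Ping/ACCEPT\n", "REJECT": ""}

def parse_ping_rules(text):
    """Return (disposition, source, dest) for each Ping/* line, skipping comments.
    A line with no SOURCE/DEST columns (as in an action file) matches all zones."""
    rules = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields or not fields[0].startswith("Ping/"):
            continue
        disposition = fields[0].split("/", 1)[1]
        source = fields[1] if len(fields) > 1 else "all"
        dest = fields[2] if len(fields) > 2 else "all"
        rules.append((disposition, source, dest))
    return rules

def _matches(pattern, zone):
    return pattern == "all" or pattern == zone

def ping_disposition(src, dst, rules_text=RULES_TEXT, policies=POLICIES,
                     action_files=ACTION_FILES):
    """Disposition ('ACCEPT', 'DROP' or 'REJECT') of a ping from src to dst."""
    for disposition, s, d in parse_ping_rules(rules_text):
        if _matches(s, src) and _matches(d, dst):
            return disposition  # an explicit rule wins regardless of action files
    for s, d, policy in policies:
        if _matches(s, src) and _matches(d, dst):
            # a DROP/REJECT policy runs its action file before dropping/rejecting
            if any(r[0] == "ACCEPT" for r in parse_ping_rules(action_files.get(policy, ""))):
                return "ACCEPT"
            return policy
    raise ValueError("no policy for %s -> %s" % (src, dst))  # Shorewall requires one
```

With the sample data, ping from net to $FW is dropped by the explicit rule even though the Drop action copy accepts ping, which is the point made in the last paragraph of the article.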