Re: 2.1.102: ipchains: REJECT does only DENY - network gurus please
Mon, 18 May 1998 20:17:49 +0200

On Mon, May 18, 1998 at 07:38:47PM +0200, mlord wrote:
> wrote:
> ...
> > (3) is probably the best solution, but it is really worth to care
> > about this weird case? Alexey, what do you mean?
> As weird a case as it may seem, this is probably the most-used
> setup for firewalling.
> Most folks who use linux-firewalling are probably just using it
> because it's necessary for ip-masquerading machines behind a
> dial-out PPP box.

Masquerading rules don't send ICMP messages.

But there is another problem I first did think of. It means that
Linux 2.1 will never send "normal" DEST_UNREACH/NET_UNREACH messages
because that code uses icmp_send too. So we need to solve it.

There is only one problem: the RTCF_* flags already uses all available
32bits in the flag word, so we can't just add another one :(


To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to