 From:  "Maciej Herjan" <maciek at dbn dot pl>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  ESP and ICMP packets blocked "by default"
 Date:  Wed, 19 Oct 2005 21:25:10 +0200

I have an installation of m0n0wall with a bridged second interface (opt1) called
FIB. FIB is bridged with WAN.
Everything works fine, but I have noticed that ESP and some kinds of ICMP
packets are blocked on the firewall "by default" on the WAN and FIB interfaces
(probably on LAN too) in any version of m0n0wall above 1.2b3.

Suppose I have these firewall rules:

WAN : pass | any_proto | any_port_src | any_address_src | any_port_dst |
FIB   :  pass | any_proto | any_port_src | my_ip_address | any_port_dst |

There are no other firewall rules for the ESP/ICMP protocols and no other
rules for <my_ip_address> on any interface at all.

Why in this case does the firewall block ESP and some kinds of ICMP packets?

Any idea?

Thanks for your help.

Best regards, Maciek