Quark IT - Hilton Travis schrieb:
> Hi All,
>
> I'm trying to find a way to allow m0n0wall to reply to PING requests
> from the WAN side but cannot seem to find a way to allow this.  It's a
> bit weird to not have this configurable in the interface, especially as
> blocking PING responses (the m0n0wall default) is in breach of RFCs.
>
> Any ideas?
>   
Yes,
here is my rule:

<rule>
            <type>pass</type>
            <interface>wan</interface>
            <protocol>icmp</protocol>
            <source>
                <any/>
            </source>
            <destination>
                <address>WAN-IP here</address>
            </destination>
            <descr>allow ICMP auf Firewall</descr>
        </rule>

or

<rule>
            <type>pass</type>
            <interface>wan</interface>
            <protocol>icmp</protocol>
            <icmptype>echo</icmptype>
            <source>
                <any/>
            </source>
            <destination>
                <address>WAN-IP here</address>
            </destination>
            <descr>allow ICMP auf Firewall</descr>
        </rule>

this is the bug, it might be echo reply (10) and not echo (request) (9)

bye Christoph


> --
>
> Regards,
>
> Hilton Travis                          Phone: +61 (0)7 3344 3889
> (Brisbane, Australia)                  Phone: +61 (0)419 792 394
> Manager, Quark IT                      http://www.quarkit.com.au
>          Quark AudioVisual             http://www.quarkav.net
>
> http://www.threatcode.com/ <-- its now time to shame poor coders 
> into writing code that is acceptable for use on today's networks
>
> War doesn't determine who is right.  War determines who is left.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
>
>   


-- 
last words:
"let's make the backup tomorrow"