Gönderim Listesi ecs-isp@2rosenthals.com Ar?vli ?leti #404

Gönderen: "Steven Levine" <ecs-isp@2rosenthals.com> Tam Ba?l?klar
Çözülmemi? ?leti
Konu: Re: [eCS-ISP] IJ FW 4.2.2 ICMP not working
Tarih: Thu, 25 Aug 2022 12:28:31 -0700
Alacak: "eCS ISP Mailing List" <ecs-isp@2rosenthals.com>

In <list-4755079@2rosenthals.com>, on 08/25/22
   at 08:40 PM, "Roderick Klein" <ecs-isp@2rosenthals.com> said:

Hi,

>On 25-08-22 10:06, Massimo S. wrote:
>> #Inetcfg:    CURRENT    DEFAULT    MINIMUM    MAXIMUM

>I got it wrong. Are you certain you did not block ICMP traffic in Injoy
>firewall itself ?

FWIW, this depends on the firewall security level and any custom rules
that might be in place.

Massimo, did ICMP ever work on this system or did some ijfw rule change
cause this?

Based on what you say, I have to assume you have added VPN and IPSEC rules
to the standard level 4 ruleset.  I would recommend checking these rules
and the rule order and make sure these new rules are not preventing ICMP.

One way to test this is add add the custom rule

C-Enable-Ping
Comment = "Enable ping",
Protocol = ICMP,
Rule-Action = Allow

at the top of your firerule.cnf.  This will prevent the rules that may
follow from blocking ICMP.

We prefer to run at Level 5, even though we don't use ijfw for ipsec or
vpn, so that ports are blocked by default along with ICMP.  We open
specific ports in firerule.cnf and allow ICMP with a variation of the
above rule.

Steven

--
----------------------------------------------------------------------
"Steven Levine" <steve53@earthlink.net>  Warp/DIY/BlueLion etc.
www.scoug.com www.arcanoae.com www.warpcave.com
----------------------------------------------------------------------


Abone ol: Bildirim, Derleme, Fihrist.
Abonelikten ç?k
Liste Sorumlusuna Postala