| View previous topic :: View next topic |
| Author |
Message |
BoneKracker
Veteran
Joined: 14 Mar 2006
Posts: 1211
Location: U.S.A.
|
 Posted: Tue Feb 12, 2008 11:45 pm Post subject: Simple shorewall question [Solved] |
 |
|
Using shorewall for the first time.
Looking at the macros, I notice that macro.Ping contains:
| Code: | ###############################################################################
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/
# PORT PORT(S) DEST LIMIT GROUP
PARAM - - icmp 8 |
But when I consult /etc/services and IANA's web site, port 8 is unassigned and ICMP Echo is assigned port 7. So why doesn't this say "7" where it says "8"?
I'm novice with respect to networking, so I am hoping someone will explain this to me.
Last edited by BoneKracker on Wed Feb 13, 2008 1:34 am; edited 1 time in total |
|
| Back to top |
|
 |
Sadako
Advocate
Joined: 05 Aug 2004
Posts: 3744
Location: sleeping in the bathtub
|
| Posted: Wed Feb 13, 2008 12:24 am Post subject: |
|
|
I would imagine the "8" refers to the icmp message type rather than a port number.
Take a look at this, and check the output of iptables-save (which will only dump to stdout) to see if that "8" is the argument of an "--icmp-type" in that rule.
_________________
"You have to invite me in" |
|
| Back to top |
|
|
BoneKracker
Veteran
Joined: 14 Mar 2006
Posts: 1211
Location: U.S.A.
|
| Posted: Wed Feb 13, 2008 1:33 am Post subject: |
|
|
Yes, that's it. I just logged back in to delete my question, but you answered it already! 
From SHOREWALL-RULES( 5 ):
| Quote: | DEST PORT(S) (Optional) -- {-|port-name-number-or-range[,port-name-number-or-range]...}
Destination Ports. A comma-separated list of Port names (from services(5)), port numbers or port ranges; if the protocol is icmp, this column is interpreted as the destination icmp-type(s). |
I do appreciate the help. |
|
| Back to top |
|
|
|
Networking & Security
