sioux
1
Hi all,
Suppose that I have a clear router configuration and, pinging for example google.com from a host which is behind the router, I get this:
Badanie google.com [72.14.207.99] z użyciem 32 bajtów danych:
Odpowiedź z 72.14.207.99: bajtów=32 czas=161ms TTL=242
Odpowiedź z 72.14.207.99: bajtów=32 czas=142ms TTL=242
And when I add this rule to the firewall configuration
ip firewall filter add chain=forward dst-port=80 action=drop
I don't receive echo replies!?
Why? What does dst-port=80 have to do with the ICMP protocol??
When I add protocol=tcp to the rule above, everything is OK.
normis
2
You HAVE TO add the protocol, or the port setting won't take effect, and it will block google altogether.
sioux
3
So you are saying that my rule
add chain=forward dst-port=80 action=drop
is actually
add chain=forward action=drop
?? 
Any time you specify a destination/source port, the protocol is required; otherwise the rule does not work correctly.
alone
5
You need to add the protocol, tcp or whatever you need:
add chain=forward protocol=tcp dst-port=80 action=accept
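
An added example, not part of any post in this thread: a small check for the mistake discussed above, run over an exported firewall configuration to list every rule that sets a port matcher without `protocol=`. The function names and the sample configuration are constructed for illustration.

```python
import shlex

# Constructed sample in RouterOS export style; the first rule is the one from the thread.
SAMPLE = """\
/ip firewall filter
add chain=forward dst-port=80 action=drop
add chain=forward protocol=tcp dst-port=80 action=drop
add chain=input src-port=53 \\
    action=accept comment="dns replies"
add chain=forward action=accept
"""

PORT_MATCHERS = {"dst-port", "src-port", "port"}  # matchers that need protocol=

def logical_lines(text):
    """Yield (first_line_number, joined_line), merging backslash continuations."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        start = start or no
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        yield start, buf + raw
        buf, start = "", None

def parse_rule(line):
    """Return the key=value pairs of an 'add' command, or None if it is not one."""
    try:
        tokens = shlex.split(line, comments=True)
    except ValueError:  # unbalanced quote: fall back to a plain whitespace split
        tokens = line.split()
    if "add" not in tokens:
        return None
    pairs = (t.partition("=") for t in tokens[tokens.index("add") + 1:])
    return {k: v for k, sep, v in pairs if sep}

def rules_missing_protocol(text):
    """List (line_number, port_matchers) for rules that match a port without protocol=."""
    findings = []
    for no, line in logical_lines(text):
        rule = parse_rule(line)
        if rule and "protocol" not in rule:
            ports = sorted(PORT_MATCHERS.intersection(rule))
            if ports:
                findings.append((no, ports))
    return findings

if __name__ == "__main__":
    for no, ports in rules_missing_protocol(SAMPLE):
        print(f"line {no}: {', '.join(ports)} set without protocol=")
```
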