AWall 0.3.4 "no-track" for "ping" service is broken
Sample policy:
“filter”: [
{ “in”: “_fw”, “out”: “$INET”, “service”: “ping”, “action”: “accept”,
“no-track”: true }
]
This policy does not add the reverse rule for accepting incoming echo-reply packets. Instead it adds the reverse rule for accepting incoming echo-requests.
(from redmine: issue id 2714, created on 2014-02-25, closed on 2014-03-17)
- Changesets:
- Revision a12bd0c0 by Kaarle Ritvanen on 2014-02-28T21:31:20Z:
properly handle stateless ICMP rules
fixes #2714