>I'm having trouble with flitering ICMP ECHO packets from the modems. I
>set the filter and it seems that the input filter isn't even there. I
>ptrace the filter though and it gives me the desired packet tracing
>effect. Perhaps someone can tell me the error in my reasoning.
>first, I add filter icmp.in
>Then I set the filter with these params
> 1 permit 208.9.136.0/24 0.0.0.0/0 icmp
> 2 permit 208.9.209.0/24 0.0.0.0/0 icmp
> 3 permit 0.0.0.0/0 208.9.136.82/32 icmp
> 4 deny 0.0.0.0/0 208.9.136.0/24 icmp type 8
> 5 deny 0.0.0.0/0 208.9.209.0/24 icmp type 8
> 6 permit 0.0.0.0/0 0.0.0.0/0 icmp
> 7 permit 0.0.0.0/0 0.0.0.0/0 tcp
> 8 permit 0.0.0.0/0 0.0.0.0/0 udp
>Being that 208.9.136.0/24 and 208.9.209.0/24 are domains, and
>208.9.136.82 is the main machine. The object is to filter out all ICMP
>ECHO to the modems except from the two domains.
>I then set S43 if icmp.in (my current port S43)
>And finally save all.
>But again, it just seems that the filter is not in place.
>Thanks for any help, I need it :)
>
>******************************************
> Eric Mellon
> UNIX Systems Administrator
> Delanet Inc. http://www.delanet.com
>"God will save my soul, if I have a soul."
>******************************************
>
>
>
----------------------------------------------------------
Dan Struthers
The solution to any problem lies in its proper definition.
----------------------------------------------------------