From mboxrd@z Thu Jan 1 00:00:00 1970
From: Phil Oester
Subject: Re: [PATCH] Unspecified proto should print as "all" in iptables -L
Date: Thu, 3 May 2007 10:31:21 -0700
Message-ID: <20070503173121.GA7998@linuxace.com>
References: <20070428220206.GA26272@linuxace.com> <463524E7.60107@netfilter.org> <20070430171317.GA6904@linuxace.com> <20070430173654.GB6904@linuxace.com> <20070430200930.GA8187@linuxace.com> <463A0EEB.5050402@gmx.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: Jorge Davila, netfilter-devel@lists.netfilter.org, Jan Engelhardt, Pablo Neira Ayuso
To: Carl-Daniel Hailfinger
Content-Disposition: inline
In-Reply-To: <463A0EEB.5050402@gmx.net>
Sender: netfilter-devel-bounces@lists.netfilter.org
Errors-To: netfilter-devel-bounces@lists.netfilter.org
List-Id: netfilter-devel.vger.kernel.org

On Thu, May 03, 2007 at 06:33:47PM +0200, Carl-Daniel Hailfinger wrote:
> On 03.05.2007 18:16, Jorge Davila wrote:
> > Well, it's because some users inside the internal networks under my
> > administration visit http://www.grc.com/ and run the Shields Up! to see
> > the open ports in the gateways and they see the port 0 open. That was
> > the reason to apply the rule.
>
> Ah cool, that's another datapoint when trying to guess the firewall
> ruleset. Port 0 not filtered roughly means "default policy is ACCEPT".
> (Well, not quite. But close.)

Let's be clear here...we aren't talking about _PORT_ zero. We're talking
about _PROTOCOL_ zero.

Can you please elaborate on the specific need to filter _PROTOCOL_ zero?

Phil