I'm configuring Shorewall on a server, and things are going well so far. However, there is one thing I am wondering about. The 'rules' file has, among others, the following lines:
#
# Drop Ping from the "bad" net zone.. and prevent your log from being flooded..
#
Ping(DROP) net $FW
ACCEPT $FW loc icmp
ACCEPT $FW net icmp
As far as I understand, the last two lines allow the firewall to ping machines on both the local network and the internet. However, it also seems that the 4th line from the bottom drops pings from the internet. All lines seem to relate to pinging. However, is ACCEPT [...] icmp different from Ping(DROP), or could it have been written (I've changed the 4th line from the bottom) as I've done below?
#
# Drop Ping from the "bad" net zone.. and prevent your log from being flooded..
#
DROP net $FW icmp
ACCEPT $FW loc icmp
ACCEPT $FW net icmp
All hints appreciated!