##############################################################################
# Shorewall 1.1 /etc/shorewall/icmp.def
#
# This file defines the default rules for accepting ICMP packets. 
#
# Do not modify this file -- if you want to change these rules, copy this
# file to /etc/shorewall/icmpdef and modify that file.
#
{
  foreach ( split ( ',', $ICMP_AUDIT ) ) {
    $OUT .= "run_iptables -A icmpdef -p ICMP --icmp-type $_ -j LOG --log-level $FirewallLogDegre\n";
  }

  foreach ( split( ',', $ICMP_OUTBOUND_ACCEPTED_TYPES ) ) {
    $OUT .= "run_iptables -A icmpdef -p ICMP --icmp-type $_ -j ACCEPT\n";
  }


#  $OUT .= "run_iptables -A icmpdef -p ICMP -j $FirewallReject\n";
}

#run_iptables -A icmpdef -p ICMP --icmp-type echo-reply              -j ACCEPT
#run_iptables -A icmpdef -p ICMP --icmp-type source-quench           -j ACCEPT
#run_iptables -A icmpdef -p ICMP --icmp-type destination-unreachable -j ACCEPT
#run_iptables -A icmpdef -p ICMP --icmp-type time-exceeded           -j ACCEPT
#run_iptables -A icmpdef -p ICMP --icmp-type parameter-problem       -j ACCEPT


#run_iptables -A icmpdef -p icmp  -j LOG --log-level info
#run_iptables -A icmpdef -p icmp  -j DROP
