This is a follow-up of http://www.astaro.org/beta-versions/...ied-wrong.html
It seems you have again changed the behaviour!?
Now, as soon as the "automatic PING rules" are applied ("allow ping through firewall"), you have NO CHANCE to ping through the ASG, because the LOGDROPs are built into the auto_forward chain.
That means, even if you have a manually defined fw rule saying "From: Internet - to: DMZ-Servers - - Service:ping- Action: allow",
if you ping the servers from the internet, the packets are dropped.
This is odd.
I (more or less) can accept that you change the behaviour of "allow ping through firewall" so that it means more or less "allow only from inside to outside". Ok. But then the implicit fw rules should not overlay the manually defined icmp rules.