Trying to get ping to work through iptables.
Rashkae
ubuntu at tigershaunt.com
Tue Jan 6 15:39:42 UTC 2009
Martin McCormick wrote:
> I have set up the following iptables rules:
>
> sudo iptables -I INPUT 1 -i lo -j ACCEPT
> sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> sudo iptables -A INPUT -p tcp --dport echo -j ACCEPT
> sudo iptables -A INPUT -p tcp --dport ssh -j ACCEPT
> sudo iptables -A INPUT -j DROP
>
> Everything seems to work as expected except for ping
> (echo) which doesn't answer as long as the firewall is in
> effect.
>
You need to accept icmp protocol packets for things like ping and
traceroute.

/sbin/iptables -A INPUT -p icmp -j ACCEPT

Also, note that it's common practice to make your default Input Policy
Drop, rather than a rule in the chain. Strictly speaking, I don't think
it makes a difference in the end, but it does make it possible to append
rules at the end of the chain later on.

/sbin/iptables -P INPUT DROP
/sbin/iptables -P FORWARD DROP
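
An added example, not part of the original post: a simplified shell model of first-match evaluation in the INPUT chain, showing why a rule appended after a catch-all `-j DROP` rule is never reached, while the same rule works when DROP is the chain policy. The `verdict` function and the one-line rule format are hypothetical, interface and state matching are omitted, and the original chain's policy is assumed to be the iptables default, ACCEPT.

```shell
#!/bin/sh
# Simplified model of an iptables chain (illustration only, not iptables itself).
# One rule per line: "proto dport target"; "any" is a wildcard.
# The first matching rule decides; if none matches, the chain policy decides.

# Chain from the post after appending the ICMP rule with -A:
# the catch-all DROP rule sits in front of it.
CHAIN_WITH_DROP_RULE='tcp 7 ACCEPT
tcp 22 ACCEPT
any any DROP
icmp any ACCEPT'

# Same ACCEPT rules, with the DROP rule replaced by "-P INPUT DROP".
CHAIN_WITH_DROP_POLICY='tcp 7 ACCEPT
tcp 22 ACCEPT
icmp any ACCEPT'

# verdict CHAIN POLICY PROTO DPORT -> prints ACCEPT or DROP
verdict() {
    chain=$1; policy=$2; proto=$3; dport=$4
    result=$policy                      # used only if no rule matches
    while read -r r_proto r_dport r_target; do
        [ -n "$r_proto" ] || continue   # skip empty lines
        if [ "$r_proto" = any ] || [ "$r_proto" = "$proto" ]; then
            if [ "$r_dport" = any ] || [ "$r_dport" = "$dport" ]; then
                result=$r_target        # first match wins, stop traversal
                break
            fi
        fi
    done <<EOF
$chain
EOF
    printf '%s\n' "$result"
}

# ICMP has no destination port, so "-" is passed as a placeholder.
echo "ping, DROP as last rule: $(verdict "$CHAIN_WITH_DROP_RULE" ACCEPT icmp -)"
echo "ping, DROP as policy:    $(verdict "$CHAIN_WITH_DROP_POLICY" DROP icmp -)"
echo "ssh,  DROP as policy:    $(verdict "$CHAIN_WITH_DROP_POLICY" DROP tcp 22)"
echo "dns,  DROP as policy:    $(verdict "$CHAIN_WITH_DROP_POLICY" DROP udp 53)"
```

On a live system, `iptables -L INPUT -n --line-numbers` shows the actual rule order, which is what decides the verdict.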