Trying to get ping to work through iptables.

Rashkae ubuntu at
Tue Jan 6 17:02:04 UTC 2009

Martin McCormick wrote:

>> Also, note that it's common practice to make your default Input Policy
>> Drop, rather than a rule in the chain.  Strictly speaking, I don't think
>> it makes a difference in the end, but it does make it possible to append
>> rules at the end of the chain later on.
> 	Hmm. Very good point, but doesn't dropping the packet
> preclude it from going any further?
> Martin McCormick

The default policy is applied only if no other rules matched.  In
effect, it's the same as a rule that is permanently appended to the end
of the chain.  Also, it's a rule that will still be in effect if the
entire chain is removed.  That can be double edged.  If your sitting on
a workstation, you can clear the iptables chain and input an entire new
one without dropping your firewall.  Conversely, on a remote access
system, if you clear the Input chain, you will lock yourself out.

More information about the ubuntu-users mailing list