Trying to get ping to work through iptables.

Preston Kutzner shizzlecash at
Tue Jan 6 18:01:24 UTC 2009

On Jan 6, 2009, at 9:56 AM, Martin McCormick wrote:

> Rashkae writes:
>> You need to accept icmp protocol packets for things like ping and
>> traceroute.
>> /sbin/iptables -A INPUT -p icmp -j ACCEPT
> 	Thank you. That worked. I could have sworn I tried that
> once but maybe I mistyped the command. Anyway, that works fine,
> now.
Your original problem is that you were trying to allow echo via TCP  
and UDP.  Echo uses ICMP not TCP or UDP.  Depending on what your needs  
are, I would block all ICMP packets except echo-request/reply and  
possibly traceroute.

iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 30 -j ACCEPT

ICMP type 8 is "echo-request", which you may substitute for '8' if you  
ICMP type 30 is "traceroute", which, again, you may substitute for  
'30' if you wish.

>> Also, note that it's common practice to make your default Input  
>> Policy
>> Drop, rather than a rule in the chain.  Strictly speaking, I don't  
>> think
>> it makes a difference in the end, but it does make it possible to  
>> append
>> rules at the end of the chain later on.
> 	Hmm. Very good point, but doesn't dropping the packet
> preclude it from going any further?
> Martin McCormick
> -- 
> ubuntu-users mailing list
> ubuntu-users at
> Modify settings or unsubscribe at:

-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 194 bytes
Desc: This is a digitally signed message part
URL: <>

More information about the ubuntu-users mailing list