Hello,

I'm wondering if state doesn't apply to ICMP packets.

    iptables -A FORWARD -p icmp -m state -d 1.2.3.4 --state NEW -j ACCEPT
    iptables -A FORWARD -m state --state NEW,INVALID -j REJECT

If I ping 1.2.3.4, the echo-reply is blocked from 1.2.3.4. Is this normal? I thought that the echo-reply should be marked RELATED and therefore not blocked.

====
Tomas Edwardsson
HP Technical Support \ HP Certified System Administrator
Red Hat Technical Support \ Red Hat Certified Engineer.
Opin Kerfi