On Wed 05/11/2003 at 09:18, Christopher Davis wrote:
> Hello everyone!
>
> I have setup an iptables script that will not allow me to ping
> 127.0.0.1 for some reason --
>
> Input policy is drop
> Forward and output policy is accept. (Egress filtering on the way!)
>
> I have in the rules to allow established or related connections -- "-A
> INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> Can ping everything else.
> ifconfig does have information on the lo @ 127.0.0.1
>
> Any ideas?

The fw receives a ping on INPUT: a ping has to be unrelated to the
connection opened by the emission of the ping. So it comes as new on the
INPUT chain and it is dropped.
Add
iptables -A INPUT -p icmp -m state --state NEW -j LOG
to check. If the ping is logged, that's it.

The standard way to do it is to have:
iptables -I INPUT -i lo -j ACCEPT
iptables -I OUTPUT -o lo -j ACCEPT

BR,
>
> Thanks!!
> Christopher Davis
--
Eric Leblond
Nufw, Now User Filtering Works (http://www.nufw.org)
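
The diagnosis in this message can be checked against a saved ruleset without touching the firewall. The following is an added example, not part of the original message: a shell function that reads `iptables -S` output and reports whether a new packet arriving on `lo` would be accepted. The function names and both sample rulesets are constructed for illustration, and only unconditional rules are evaluated.

```shell
#!/bin/sh
# Added example: audit `iptables -S` output (on stdin) for the problem in this
# thread. Prints "accepted" or "dropped" for NEW packets arriving on lo.
# Simplification (assumption): only unconditional rules are evaluated; rules
# with other matches and jumps to user-defined chains are skipped.
audit_loopback() {
    policy=ACCEPT
    verdict=
    while read -r op chain rest; do
        if [ "$chain" != INPUT ]; then continue; fi
        if [ "$op" = "-P" ]; then policy=$rest; continue; fi
        if [ "$op" != "-A" ] || [ -n "$verdict" ]; then continue; fi
        case "$rest" in
            "-i lo -j ACCEPT")       verdict=accepted ;;  # the reply's rule
            "-j DROP"|"-j REJECT"*)  verdict=dropped ;;   # an earlier catch-all wins
            *) ;;  # conditional rule, e.g. ESTABLISHED,RELATED: skipped
        esac
    done
    if [ -z "$verdict" ]; then
        # No unconditional rule matched: the chain policy decides.
        if [ "$policy" = ACCEPT ]; then verdict=accepted; else verdict=dropped; fi
    fi
    echo "$verdict"
}

# Constructed ruleset matching the question: INPUT DROP, state rule only.
broken_ruleset() {
    cat <<'EOF'
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Same ruleset after the two -I commands from the reply (-I inserts at the top).
fixed_ruleset() {
    cat <<'EOF'
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
EOF
}

echo "question's ruleset:  loopback $(broken_ruleset | audit_loopback)"
echo "with the lo rules:   loopback $(fixed_ruleset | audit_loopback)"
```

On a live host, `iptables -S | audit_loopback` (run as root) applies the same check to the loaded ruleset.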