On Wed, 2004-02-18 at 11:15, Nicole Haehnel wrote: > Hi, > > I added this rules (with fwbuilder): > > $IPTABLES -A FORWARD -p icmp -m state --state NEW -j ACCEPT > $IPTABLES -A OUTPUT -p icmp -m state --state NEW -j ACCEPT > $IPTABLES -A INPUT -p icmp -m state --state NEW -j ACCEPT > > > Why was ping from an interface of my firewall-host denied? > Traceroute too. > When the return packets come back, their state is not NEW, probably RELATED. > What rule shall I add? > $IPTABLES -A INPUT -p icmp -m state --state NEW,RELATED -j ACCEPT > Thanks! > > Nicole -- -- Raymond Leach <raymondl@xxxxxxxxxxxxxxxxxxxxxx> Network Support Specialist http://www.knowledgefactory.co.za "lynx -source http://www.rchq.co.za/raymondl.asc | gpg --import" Key fingerprint = 7209 A695 9EE0 E971 A9AD 00EE 8757 EE47 F06F FB28 --
Attachment:
signature.asc
Description: This is a digitally signed message part
