if you have policies for INPUT, OUTPUT and FORWARD to ACCEPT, those rules are not needed. Also, if the traffic is generated in the same firewall FORWARD chain will not match. Its no needed Before you add those rules, the pings and traces was working? Hello Nicole, Wednesday, February 18, 2004, 6:15:11 AM, you wrote: NH> Hi, NH> I added this rules (with fwbuilder): NH> $IPTABLES -A FORWARD -p icmp -m state --state NEW -j ACCEPT NH> $IPTABLES -A OUTPUT -p icmp -m state --state NEW -j ACCEPT NH> $IPTABLES -A INPUT -p icmp -m state --state NEW -j ACCEPT NH> Why was ping from an interface of my firewall-host denied? NH> Traceroute too. NH> What rule shall I add? NH> Thanks! NH> Nicole -- Best regards, Alexis mailto:alexis@xxxxxxxxxxxx
