RE: traceroute


If the output chain POLICY is set to ACCEPT, there is no need to set up
rules for it.


-----Original Message-----
From: Jozsef Kadlecsik [mailto:kadlec@xxxxxxxxxxxxxxxxx] 
Sent: Wednesday, June 30, 2004 2:18 PM
To: Piszcz, Justin Michael
Cc: netfilter
Subject: RE: traceroute

On Wed, 30 Jun 2004, Piszcz, Justin Michael wrote:

> I use -I INPUT ESTABLISHED,RELATED.
>
> I can ping outbound just fine, ESTABLISHED,RELATED keeps track of the
> ICMPs.

You could not ping outbound without setting up proper rules in the OUTPUT
chain. Your machine cannot be pinged with the rules above alone. Your rule
above does not let through ping responses on a firewall. In other words it
does not allow ICMP in general.

> I do not know where you are getting your info from, but it is clearly
> incorrect.

You yourself claimed that:

> > You do not have to allow it explicitly (ie: allow icmp so other
> > machines can ping your machine).

Best regards,
Jozsef
-
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary
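
An added example, not part of either message and not netfilter code: a simplified Python model of how connection tracking classifies the ICMP packets discussed in this thread. It assumes the OUTPUT policy is ACCEPT, the INPUT policy is DROP (not stated in the thread), a single INPUT rule accepting ESTABLISHED,RELATED, ICMP echo probes, and constructed documentation addresses.

```python
from dataclasses import dataclass

ECHO_REPLY, ECHO_REQUEST, TIME_EXCEEDED = 0, 8, 11   # ICMP type numbers

@dataclass(frozen=True)
class Icmp:
    src: str
    dst: str
    type: int
    ident: int = 0        # echo identifier
    inner: tuple = None   # for errors: (src, dst, ident) of the packet that triggered it

class Firewall:
    """Assumed rule set: OUTPUT policy ACCEPT, INPUT policy DROP,
    one INPUT rule: -m state --state ESTABLISHED,RELATED -j ACCEPT."""

    def __init__(self):
        self.flows = set()   # (local, remote, ident) of outbound echo requests

    def output(self, pkt):
        # Policy ACCEPT: nothing is filtered, but the flow is still tracked.
        if pkt.type == ECHO_REQUEST:
            self.flows.add((pkt.src, pkt.dst, pkt.ident))
        return "ACCEPT"

    def state(self, pkt):
        if pkt.type == ECHO_REPLY and (pkt.dst, pkt.src, pkt.ident) in self.flows:
            return "ESTABLISHED"   # answer to a request this host sent
        if pkt.type == TIME_EXCEEDED and pkt.inner in self.flows:
            return "RELATED"       # error quoting a tracked probe (traceroute hop)
        if pkt.type == ECHO_REQUEST:
            return "NEW"           # someone else pinging this host
        return "INVALID"           # reply or error matching no tracked flow

    def input(self, pkt):
        return "ACCEPT" if self.state(pkt) in ("ESTABLISHED", "RELATED") else "DROP"

def demo():
    fw = Firewall()
    me, peer, hop = "192.0.2.10", "198.51.100.7", "203.0.113.1"   # constructed
    return {
        "ping out": fw.output(Icmp(me, peer, ECHO_REQUEST, 1)),
        "reply in": fw.input(Icmp(peer, me, ECHO_REPLY, 1)),
        "hop error in": fw.input(Icmp(hop, me, TIME_EXCEEDED, inner=(me, peer, 1))),
        "ping in": fw.input(Icmp(peer, me, ECHO_REQUEST, 2)),
        "stray reply in": fw.input(Icmp(peer, me, ECHO_REPLY, 9)),
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:15} {verdict}")
```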