On Wed, 30 Jun 2004, Piszcz, Justin Michael wrote: > If the output chain POLICY is set to ACCEPT; there is no need to setup > rules for it. Exactly, if. And what about the other two possibilities?: > Your machine cannot be pinged with the rules above alone. Your rule > above does not let through ping responses on a firewall. In other > words it does not allow ICMP in general. > > You yourself claimed that: > > > > You do not have to allow it explicitly (ie: allow icmp so other > > > machines can ping your machine). Sorry, but you made a general statement which is true only when a couple of other conditions are met as well. Without even mentioning that is misleading for the readers of the list. Best regards, Jozsef - E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxxxxx PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : KFKI Research Institute for Particle and Nuclear Physics H-1525 Budapest 114, POB. 49, Hungary
