I do have a state rule already for allowing any established,related connections.
So should I add another one such as:
iptables -A FORWARD -p icmp -m state --state RELATED -j ACCEPT
The current ruleset is attached (I've only excluded the variables and logging sections of it).
# Allow previously initiated and accepted connections
# to bypass firewall tests (state matching)
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
If you have these three generic rules, you don't need a separate rule just for ICMP. The generic rule will match all IP protocols (tcp, udp, and icmp).
-- 
Aleksandar Milivojevic <amilivojevic@xxxxxx>    Pollard Banknote Limited
Systems Administrator                           1499 Buffalo Place
Tel: (204) 474-2323 ext 276                     Winnipeg, MB R3T 1L7
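The point made in the reply above can be checked mechanically. The following is an added example, not part of the original thread: a hypothetical helper, `shadowed_state_rules`, that reads `iptables -A ...` commands and lists state rules that can never match because an earlier generic state ACCEPT rule in the same chain already covers them. It assumes one command per line and no negated state matches.

```shell
#!/bin/sh
# Added example (hypothetical helper): list state-match rules that can never
# fire because an earlier generic state ACCEPT rule in the same chain
# already takes every packet in those states (first match wins).
# Assumes one "iptables -A ..." command per line, no negated state matches.
shadowed_state_rules() {
    awk '
    $1 == "iptables" && $2 == "-A" {
        chain = $3; states = ""; target = ""; extra = 0; negated = 0
        for (i = 4; i <= NF; i++) {
            if ($i == "-m" && $(i + 1) == "state") { i++ }
            else if ($i == "--state") { i++; states = $i }
            else if ($i == "-j") { i++; target = $i }
            else if ($i == "!") { negated = 1 }
            else { extra = 1 }      # -p, -s, -i ... narrow the match
        }
        if (states == "" || negated) next
        # Covered when every state listed here is in an earlier generic rule
        n = split(states, want, ",")
        covered = (chain in generic)
        for (k = 1; covered && k <= n; k++) {
            if (index("," generic[chain] ",", "," want[k] ",") == 0) {
                covered = 0
            }
        }
        if (covered) {
            print $0
        } else if (!extra && target == "ACCEPT") {
            # Generic rule: state match only, so it applies to any protocol
            generic[chain] = generic[chain] "," states
        }
    }'
}

# Input: the three rules from the thread plus the proposed ICMP rule.
shadowed_state_rules <<'EOF'
# Allow previously initiated and accepted connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p icmp -m state --state RELATED -j ACCEPT
EOF
```

Only the proposed ICMP rule is reported, since the FORWARD generic rule placed before it has no `-p` restriction and accepts RELATED packets of any protocol.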