Brent,

Have you tried specifying an interface or address range explicitly?

such as....

$IPT -t filter -A INPUT -i lo -p icmp --icmp-type echo-request -j ACCEPT

or....

$IPT -t filter -A INPUT -d 127.0.0.0/255.0.0.0 -p icmp --icmp-type echo-request -j ACCEPT

perhaps even combining those..

good luck!

-Scott

--- Brent Clark <bclark@xxxxxxxxxxxxxxxxxxxx> wrote:

> Hi list
>
> I am so close to pulling my hair out on this
>
> I have a webserver with the following ruleset (default policy of drop)
> [snip]
> $IPT -t filter -A INPUT -p icmp --icmp-type source-quench -j ACCEPT
> $IPT -t filter -A INPUT -p icmp --icmp-type parameter-problem -j ACCEPT
> $IPT -t filter -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
> $IPT -t filter -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT
> $IPT -t filter -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
> #$IPT -t filter -A INPUT -p icmp --icmp-type ! echo-request -j LOG
> $IPT -t filter -A INPUT -j LOG --log-prefix "[INPUT DROP]: " --log-tcp-options --log-ip-options
> $IPT -t filter -A INPUT -j DROP
>
> and for the life of me I can't work out why I can't ping the machine;
> even localhost does not return anything
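
An added example, not written by either poster: a small first-match model of the INPUT chain exactly as quoted above, run against the two packets of a loopback ping. It assumes the `[snip]` rules and the OUTPUT chain do not touch ICMP; the `Packet` and `Rule` classes and the extra `echo-reply` rule in `WITH_ECHO_REPLY` are illustrative and not part of the posted ruleset.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:                      # illustrative model, not an iptables structure
    in_iface: str
    proto: str
    icmp_type: Optional[str] = None

@dataclass(frozen=True)
class Rule:
    target: str                    # "ACCEPT", "DROP" or "LOG"
    proto: Optional[str] = None    # None means "match anything"
    icmp_type: Optional[str] = None
    in_iface: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        return ((self.proto is None or self.proto == p.proto)
                and (self.icmp_type is None or self.icmp_type == p.icmp_type)
                and (self.in_iface is None or self.in_iface == p.in_iface))

def icmp_accept(icmp_type: str, in_iface: Optional[str] = None) -> Rule:
    return Rule("ACCEPT", "icmp", icmp_type, in_iface)

# The INPUT rules visible in the quoted post, in order ([snip] part unknown).
POSTED_INPUT = [icmp_accept(t) for t in (
    "source-quench", "parameter-problem", "destination-unreachable",
    "time-exceeded", "echo-request")] + [Rule("LOG"), Rule("DROP")]

# Assumption: one extra rule ahead of the posted ones, for comparison only.
WITH_ECHO_REPLY = [icmp_accept("echo-reply", "lo")] + POSTED_INPUT

def verdict(chain, packet, policy="DROP"):
    """First matching terminating rule wins; LOG records and keeps going."""
    logged = False
    for rule in chain:
        if not rule.matches(packet):
            continue
        if rule.target == "LOG":
            logged = True
            continue
        return rule.target, logged
    return policy, logged

def ping_localhost(chain):
    """Both halves of a loopback ping arrive on INPUT via lo."""
    return {t: verdict(chain, Packet("lo", "icmp", t))
            for t in ("echo-request", "echo-reply")}

if __name__ == "__main__":
    for name, chain in (("posted", POSTED_INPUT), ("with echo-reply", WITH_ECHO_REPLY)):
        print(name, ping_localhost(chain))
```

In the model the echo-reply is the packet that reaches the LOG rule, so on a real host the `[INPUT DROP]: ` lines in the kernel log are the place to see which packet is actually being dropped.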