On Saturday 2011-08-20 19:01, Carlos A. Carnero Delgado wrote:
>> iptables -A OUTPUT -p icmp -m icmp --icmp-type echo-reply -o eth? -s
>> 192.168.1.1 -d 192.168.2.200 -j ACCEPT
>
>IIRC when selecting (matching) ICMP the further match options are
>implicit.

Only when there is an option that cannot be associated with any
currently loaded module. -m icmp won't be instantiated if you only
use -p icmp.

>When building iptables rulesets from scratch I always use the LOG
>target, which sends to the syslog what's going on Netfilter at the
>point of the rule. Excellent troubleshooting hook. Also, iptables -L
>-v is your friend.

Better is iptables-save.