On Wednesday 2012-09-26 09:09, joydeep@xxxxxxxxxxxxxxx wrote:
>
> iptables -P OUTPUT DROP
> iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> iptables -A OUTPUT -d 127.0.0.0/255.0.0.0 -j ACCEPT
> iptables -N lan
> iptables -A lan -p TCP --dport domain -j REJECT
> iptables -A lan -p UDP --dport domain -j REJECT
> iptables -A lan -j ACCEPT
> iptables -A OUTPUT -d 192.168.0.0/255.255.0.0 -j lan
> iptables -A OUTPUT -d 10.0.0.0/255.0.0.0 -j lan
> iptables -A OUTPUT -d 172.16.0.0/255.240.0.0 -j lan
> iptables -t filter -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
> iptables -t filter -A OUTPUT ! -o lan -j DROP
>
> And when I try to ping gmail.com it reports
>
> ping: sendmsg: Operation not permitted
>
> I don't understand what is causing the issue. Any clue / fix please?

You're blocking all of ICMP, so what did you expect?
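The rule walk behind that answer, as an added example that is not part of the original thread: a simplified first-match model in Python of the quoted OUTPUT chain, showing which rule decides each packet. The packets, the interface name eth0, the 203.0.113.x and 192.168.1.1 addresses and the extra ICMP rule in FIXED are assumptions constructed for illustration.

```python
from ipaddress import ip_address, ip_network

def rule(target, proto=None, dport=None, dst=None, state=None, not_oif=None):
    """One rule; a field left as None means 'no such match in this rule'."""
    return dict(target=target, proto=proto, dport=dport, state=state,
                dst=ip_network(dst) if dst else None, not_oif=not_oif)

# User-defined chain "lan" from the post ("domain" is port 53).
LAN = [rule("REJECT", proto="tcp", dport=53),
       rule("REJECT", proto="udp", dport=53),
       rule("ACCEPT")]

# OUTPUT chain from the post, in order. Policy: DROP.
OUTPUT = [rule("ACCEPT", state={"RELATED", "ESTABLISHED"}),
          rule("ACCEPT", dst="127.0.0.0/8"),
          rule("lan", dst="192.168.0.0/16"),
          rule("lan", dst="10.0.0.0/8"),
          rule("lan", dst="172.16.0.0/12"),
          rule("ACCEPT", proto="udp", dport=53),
          rule("DROP", not_oif="lan")]  # "! -o lan": interface not named "lan"

# Assumption, not from the thread: an ICMP accept rule ahead of the final DROP.
FIXED = OUTPUT[:-1] + [rule("ACCEPT", proto="icmp")] + OUTPUT[-1:]

def matches(r, pkt):
    return ((r["proto"] is None or r["proto"] == pkt["proto"]) and
            (r["dport"] is None or r["dport"] == pkt.get("dport")) and
            (r["dst"] is None or ip_address(pkt["dst"]) in r["dst"]) and
            (r["state"] is None or pkt["state"] in r["state"]) and
            (r["not_oif"] is None or pkt["oif"] != r["not_oif"]))

def verdict(pkt, chain=OUTPUT, policy="DROP"):
    """First match wins. Returns (verdict, 1-based index of the OUTPUT rule hit)."""
    for i, r in enumerate(chain, 1):
        if matches(r, pkt):
            if r["target"] == "lan":  # jump; "lan" always ends in a verdict
                return verdict(pkt, LAN)[0], i
            return r["target"], i
    return policy, None

# Constructed packets: new outbound flows leaving via a hypothetical eth0.
PING = dict(proto="icmp", dst="203.0.113.10", state="NEW", oif="eth0")
DNS = dict(proto="udp", dport=53, dst="203.0.113.53", state="NEW", oif="eth0")
LAN_PING = dict(PING, dst="192.168.1.1")
LAN_DNS = dict(DNS, dst="192.168.1.1")

if __name__ == "__main__":
    for name in ("DNS", "PING", "LAN_PING", "LAN_DNS"):
        print(name, verdict(globals()[name]))
    print("PING with FIXED", verdict(PING, FIXED))
```

The DNS lookup for the hostname passes rule 6, but the echo request matches nothing until the final DROP; a packet dropped in the local OUTPUT chain makes sendmsg() fail with EPERM, which ping prints as "Operation not permitted".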