Hello netfilter community,

I am running into a problem where I cannot ping other hosts if I have nftables service turned on. I have the following rule for outgoing traffic (basically allows all outgoing traffic)

    chain OUTBOUND {
        type filter hook output priority 0; policy accept;
    }

But I cannot ping any inside or outside IPs, e.g.

    [root@lxdvfs1a nftables]# ping -vv 172.29.28.1
    ping: socket: Permission denied, attempting raw socket...
    PING 172.29.28.1 (172.29.28.1) 56(84) bytes of data.
    153 packets transmitted, 0 received, 100% packet loss, time 151999ms

If I turn off nftables service, I can ping any IPs normally.

    [root@lxdvfs1a nftables]# ping 172.29.28.1
    PING 172.29.28.1 (172.29.28.1) 56(84) bytes of data.
    64 bytes from 172.29.28.1: icmp_seq=1 ttl=64 time=1.64 ms
    64 bytes from 172.29.28.1: icmp_seq=2 ttl=64 time=0.446 ms
    64 bytes from 172.29.28.1: icmp_seq=3 ttl=64 time=0.488 ms

I also tried adding the following to explicitly allow outgoing ping, but it did not work either.

    icmp type echo-request ct state new,established accept

Any insight/help would be appreciated.

Thanks,
Lihua Wang
Sysadmin at CUNY Graduate Center