Remember that it is a pair: output + input... You only set output to accept. What about input?

Best regards

----- Original message -----
From: "Linux Scoop" <linuxscoop@xxxxxxxxx>
To: netfilter@xxxxxxxxxxxxxxx
Sent: Tuesday, May 3, 2022 10:59:00
Subject: cannot allow outbound ping traffic

Hello netfilter community,

I am running into a problem where I cannot ping other hosts if I have the nftables service turned on. I have the following rule for outgoing traffic (basically allows all outgoing traffic):

chain OUTBOUND {
    type filter hook output priority 0; policy accept;
}

But I cannot ping any inside or outside IPs, e.g.

[root@lxdvfs1a nftables]# ping -vv 172.29.28.1
ping: socket: Permission denied, attempting raw socket...
PING 172.29.28.1 (172.29.28.1) 56(84) bytes of data.

153 packets transmitted, 0 received, 100% packet loss, time 151999ms

If I turn off the nftables service, I can ping any IPs normally.

[root@lxdvfs1a nftables]# ping 172.29.28.1
PING 172.29.28.1 (172.29.28.1) 56(84) bytes of data.
64 bytes from 172.29.28.1: icmp_seq=1 ttl=64 time=1.64 ms
64 bytes from 172.29.28.1: icmp_seq=2 ttl=64 time=0.446 ms
64 bytes from 172.29.28.1: icmp_seq=3 ttl=64 time=0.488 ms

I also tried adding the following to explicitly allow outgoing ping, but it did not work either.

icmp type echo-request ct state new,established accept

Any insight/help would be appreciated.

Thanks,
Lihua Wang
Sysadmin at CUNY Graduate Center

--
Paulo Ricardo Bruck
consultant
tel 011 3596-4882
cel 98140-9184 (TIM/Whats)
http://www.contatogs.com.br/
https://www.contatoglobal.com.br
Thank you very much.
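The pairing the reply points at, written out as an added example ruleset (it is not from either poster): the original OUTBOUND chain is kept as posted, and an input-hook chain is added so that the echo replies are let back in. The chain name INBOUND, the drop policy and the counter rule are assumptions made for the example.

```nft
#!/usr/sbin/nft -f
# Added example, not from either poster. The OUTBOUND chain is the one the
# original message showed; INBOUND is assumed here as its input-side pair.
flush ruleset

table inet filter {
    chain INBOUND {
        type filter hook input priority 0; policy drop;

        # Traffic on the loopback interface is always accepted.
        iif "lo" accept

        # Replies to traffic this host initiated, including the echo-reply
        # to an outgoing echo-request, are tracked by conntrack and come
        # back as "established"; an output-only accept never covers them.
        ct state established,related accept
        ct state invalid drop

        # Without conntrack the reply could be matched explicitly instead:
        # icmp type echo-reply accept
        # icmpv6 type echo-reply accept

        # Let other hosts ping this one, and keep IPv6 neighbour discovery
        # working; drop these lines if inbound ping is not wanted.
        icmp type echo-request accept
        icmpv6 type { echo-request, nd-neighbor-solicit, nd-neighbor-advert } accept

        # Count whatever still falls through to the drop policy, so the
        # input side can be blamed (or cleared) from `nft list ruleset`.
        counter comment "hit INBOUND drop policy"
    }

    chain OUTBOUND {
        type filter hook output priority 0; policy accept;
    }
}
```

Load it with `nft -f <file>`, run the ping again, and check `nft list ruleset`: if the INBOUND counter keeps climbing while the ping shows packet loss, the input side is what is discarding the replies.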