[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: policy DROP and 1 rule


> hi, when i set the INPUT policy of DROP and then insert a rule -A
> INPUT -s lan-machine -j ACCEPT ,the lan machine normally must be
> able to ping the firewalled machine? 

you are perfectly right with this, the "lan-machine" will be able to
send a ping request (or anything else) to the firewalled machine and
it will be accepted. If you don't get any answers from the firewalled
machine this might be caused by the OUTPUT chain dropping the answers
of the firewalled machine.

To see ping (and everything else) working you have to ensure both:
- The requests reaching the firewalled machine (as you actually did)
- The answers being able to leave the firewalled machine

> with this syntax the -p option is default set to "all". so icmp is
> also under "all" to find ,or i am wrong?

No, you are not wrong. This is perfectly right.


Attachment: pgp3LT1UOvGYj.pgp
Description: PGP signature

Reply to: