Begin forwarded message:

Date: Sat, 16 Nov 2002 01:14:41 +0100
From: Alexander Girgis <girgisar@swt.uni-stuttgart.de>
To: debian-firewall@lists.debian.org
Subject: Re: policy DROP and 1 rule

Hi,

> hi, when i set the INPUT policy of DROP and then insert a rule -A
> INPUT -s lan-machine -j ACCEPT, the lan machine normally must be
> able to ping the firewalled machine?

you are perfectly right with this, the "lan-machine" will be able to send a ping request (or anything else) to the firewalled machine and it will be accepted. If you don't get any answers from the firewalled machine this might be caused by the OUTPUT chain dropping the answers of the firewalled machine.

sorry, but all my debian-machines with iptables have all policies set to ACCEPT, the only policy i changed is INPUT in the filter table (default table), and the one-and-only rule accept from a destination all protocols (-A INPUT -s some-box -j ACCEPT). the OUTPUT policy is set to ACCEPT and no other rule in no other table is set, but ping and anything else doesn't go? and that is on all my machines with iptables?

To see ping (and everything else) working you have to ensure both:
- The requests reaching the firewalled machine (as you actually did)
- The answers being able to leave the firewalled machine

> with this syntax the -p option is default set to "all". so icmp is
> also under "all" to find, or i am wrong?

No, you are not wrong. This is perfectly right.

Regards
Alex
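The two conditions listed in the reply (request accepted by INPUT, answer allowed out by OUTPUT) can be checked offline against a saved ruleset. The following is an added example, not code from the thread: it evaluates a constructed iptables-save style dump of the ruleset described above, models only the filter table with -s/-d/-p matches and terminal targets (no NAT, mangle or connection tracking), and uses assumed addresses, with 192.0.2.10 standing in for "lan-machine".

```python
import ipaddress

# Constructed iptables-save style dump of the ruleset described in the thread;
# 192.0.2.10 stands in for "lan-machine" (assumed address).
THREAD_RULES = """\
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 192.0.2.10/32 -j ACCEPT
COMMIT
"""

def parse(dump):
    """Return ({chain: policy}, {chain: [rule option dicts]})."""
    policies, rules = {}, {}
    for line in dump.splitlines():
        tok = line.split()
        if line.startswith(":"):            # ":INPUT DROP [0:0]" sets the policy
            policies[tok[0][1:]] = tok[1]
            rules.setdefault(tok[0][1:], [])
        elif line.startswith("-A"):         # "-A INPUT -s x -j y" appends a rule
            rules.setdefault(tok[1], []).append(dict(zip(tok[2::2], tok[3::2])))
    return policies, rules

def in_net(addr, net):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net, strict=False)

def verdict(dump, chain, src, dst, proto="icmp"):
    """First matching rule wins; if none matches, the chain policy applies."""
    policies, rules = parse(dump)
    for r in rules[chain]:
        if "-s" in r and not in_net(src, r["-s"]):
            continue
        if "-d" in r and not in_net(dst, r["-d"]):
            continue
        if r.get("-p", "all") not in ("all", proto):  # no -p means "all"
            continue
        return r["-j"]
    return policies[chain]

def ping_works(dump, client, firewall):
    """Request must pass INPUT and the answer must pass OUTPUT."""
    return (verdict(dump, "INPUT", client, firewall) == "ACCEPT"
            and verdict(dump, "OUTPUT", firewall, client) == "ACCEPT")

if __name__ == "__main__":
    print(ping_works(THREAD_RULES, "192.0.2.10", "192.0.2.1"))
```
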