Hi Daniel,

Which box are you trying to ping from? If you are trying to ping from the firewall 
itself, you are not allowing ping requests to leave the firewall, nor do you allow the 
replies back in in the INPUT chain. I.e., you will need to swap the chains that you are 
inserting the rules into.

Hope this was the problem :-)

Oskar Andreasson
http://www.boingworld.com
http://people.unix-fu.org/andreasson/
mailto: [EMAIL PROTECTED]

----- Original Message ----- 
From: "Daniel Schaerli" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, May 06, 2002 3:28 PM
Subject: default policys


> Hi
> 
> I try to build a firewall with iptables but there's something I don't
> understand.
> I set the default policy for all tables to DROP:
> 
> iptables -P INPUT DROP
> iptables -P FORWARD DROP
> iptables -P OUTPUT DROP
> 
> Then I allow to ping.
> 
> # allow ping
> iptables -A INPUT -p ICMP --icmp-type echo-request -j ACCEPT
> iptables -A OUTPUT -p ICMP --icmp-type echo-reply -j ACCEPT
> 
> Then I ping any machine. The system tells me "ping: sendmsg: Operation
> not allowed".
> 
> Has someone got a clue why I can't ping even if I explicitly tell the
> firewall that pinging is allowed?
> 
> Thanks for any help.
> Regards
> Daniel Schaerli
> 
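
The chain swap discussed in this thread, as an added example that is not part of either message: a toy first-match model of the INPUT and OUTPUT chains with a DROP policy, restricted to ICMP echo, showing which direction of ping each rule set permits. The variable and function names are made up for the illustration; only the iptables options come from the thread.

```shell
#!/bin/sh
# Added example: toy model of the filter table for ICMP echo only.
# A rule set is a list of CHAIN:ICMP-TYPE pairs that are ACCEPTed;
# anything unmatched falls through to the DROP policy from the thread.

POSTED="INPUT:echo-request OUTPUT:echo-reply"    # rules as posted (constructed)
SWAPPED="OUTPUT:echo-request INPUT:echo-reply"   # same rules, chains swapped

# verdict RULES CHAIN TYPE -> prints ACCEPT or DROP
verdict() {
    for rule in $1; do
        if [ "$rule" = "$2:$3" ]; then
            echo ACCEPT
            return 0
        fi
    done
    echo DROP
}

# path RULES CHAIN1 TYPE1 CHAIN2 TYPE2 -> "ok" or the first packet that is dropped
path() {
    if [ "$(verdict "$1" "$2" "$3")" = DROP ]; then
        echo "$3 dropped in $2"
    elif [ "$(verdict "$1" "$4" "$5")" = DROP ]; then
        echo "$5 dropped in $4"
    else
        echo ok
    fi
}

# Ping sent by the firewall itself: request leaves via OUTPUT, reply arrives via INPUT.
ping_from_firewall() { path "$1" OUTPUT echo-request INPUT echo-reply; }
# Ping sent to the firewall by another host: request arrives via INPUT, reply leaves via OUTPUT.
ping_to_firewall() { path "$1" INPUT echo-request OUTPUT echo-reply; }

# emit_rules RULES -> the iptables commands that create a rule set
emit_rules() {
    for rule in $1; do
        echo "iptables -A ${rule%%:*} -p icmp --icmp-type ${rule#*:} -j ACCEPT"
    done
}

echo "posted,  ping from firewall: $(ping_from_firewall "$POSTED")"
echo "posted,  ping to firewall:   $(ping_to_firewall "$POSTED")"
echo "swapped, ping from firewall: $(ping_from_firewall "$SWAPPED")"
emit_rules "$SWAPPED"
```

The posted rules only let other hosts ping the firewall; the firewall's own echo-request is dropped in OUTPUT before it is sent, which ping reports as a sendmsg error.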

