input-icmp:
- tool iptables
- direction input
- protocol icmp
-
- # allow all icmp input, such as pings
- #rule -m state --state NEW -j ACCEPT
-
- # allow icmp: echo reply (outbound ping)
- #rule --icmp-type 0 -m state --state NEW -j ACCEPT
-
- # allow icmp: destination unreachable
- rule --icmp-type 3 -m state --state NEW -j ACCEPT
-
- # allow icmp: source quench
- rule --icmp-type 4 -m state --state NEW -j ACCEPT
-
- # allow icmp: redirect
- rule --icmp-type 5 -m state --state NEW -j ACCEPT
-
- # allow icmp: echo request (inbound ping)
- rule --icmp-type 8 -m state --state NEW -j ACCEPT
-
- # allow icmp: router advertisement
- rule --icmp-type 9 -m state --state NEW -j ACCEPT
-
- # allow icmp: router Solicitation
- rule --icmp-type 10 -m state --state NEW -j ACCEPT
-
- # allow icmp: time exceeded
- rule --icmp-type 11 -m state --state NEW -j ACCEPT
-
- # allow icmp: bad ip header
- rule --icmp-type 12 -m state --state NEW -j ACCEPT
-
- # allow icmp: timestamp
- rule --icmp-type 13 -m state --state NEW -j ACCEPT
-
- # allow icmp: timestamp reply
- rule --icmp-type 14 -m state --state NEW -j ACCEPT
-
- # allow icmp: information request
- rule --icmp-type 15 -m state --state NEW -j ACCEPT
-
- # allow icmp: information reply
- rule --icmp-type 16 -m state --state NEW -j ACCEPT
-
- # allow icmp: address request
- rule --icmp-type 17 -m state --state NEW -j ACCEPT
-
- # allow icmp: address reply
- rule --icmp-type 18 -m state --state NEW -j ACCEPT
-
- # allow icmp: traceroute
- #rule --icmp-type 30 -m state --state NEW -j ACCEPT
-
-
-output-icmp:
- direction output
- protocol icmp
-
- # allow icmp output, such as pings
- rule -m state --state NEW -j ACCEPT
-
-
-input-icmp:
direction input
projects / fll / commitdiff