ICMP types to allow

Derick Anderson danderson at vikus.com
Wed Dec 21 19:36:04 CET 2005


After reading the ICMP state machine section of the Netfilter tutorial
[http://iptables-tutorial.frozentux.net/iptables-tutorial.html#ICMPCONNECTIONS]
it appears that ICMP traffic related to existing TCP and UDP
connections falls under the RELATED,ESTABLISHED rules.

So someone correct me if I'm wrong, but this means that any valid ICMP
error message would get picked up by a '-A FORWARD -m state --state
RELATED,ESTABLISHED -j ACCEPT' at the start of the chain, and so (as
lst_hoe01 stated) allowing type 8 is all you really need to do, correct?
(and a little reading goes a long way... =)

Thanks,

Derick Anderson
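
A FORWARD chain laid out so the per-rule counters show whether ICMP errors really are matched as RELATED, and what ICMP is left over. This is an added example, not part of the original post; the IPT variable, the default-drop policy, the extra counting rule and the log prefix are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# IPT is an assumption: run with IPT=echo to print the rules instead of applying them.
IPT="${IPT:-iptables}"

forward_icmp_policy() {
    # Assumed default-deny, so only traffic accepted below is forwarded.
    $IPT -P FORWARD DROP

    # Counting rule: ICMP errors that conntrack ties to a tracked TCP/UDP flow
    # (it reads the original header quoted inside the error) arrive as RELATED.
    # Kept separate only so its packet counter isolates them.
    $IPT -A FORWARD -p icmp -m state --state RELATED -j ACCEPT

    # The rule quoted in the post: everything else belonging to, or related
    # to, a tracked connection. Echo replies match here as ESTABLISHED.
    $IPT -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

    # The only ICMP type opened explicitly: new echo requests (type 8).
    $IPT -A FORWARD -p icmp --icmp-type 8 -m state --state NEW -j ACCEPT

    # Any ICMP that reaches this point matched none of the above. Log it
    # before the DROP policy takes it, to see what would be lost.
    $IPT -A FORWARD -p icmp -j LOG --log-prefix "icmp-unmatched: "
}

# Apply only when asked to, e.g.:  sh forward_icmp.sh apply
# Afterwards, 'iptables -L FORWARD -v -n' shows the per-rule packet counters.
if [ "${1:-}" = "apply" ]; then
    forward_icmp_policy
fi
```
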
 


