iptables - allow ICMP


Before adding a rule to iptables to allow ICMP, it's important to recognize that there are different types of ICMP packets. The following command will display the different types of ICMP packets.

iptables --protocol icmp --help

 

Which should return something like this.

Valid ICMP Types:
any
echo-reply (pong)
destination-unreachable
   network-unreachable
   host-unreachable
   protocol-unreachable
   port-unreachable
   fragmentation-needed
   source-route-failed
   network-unknown
   host-unknown
   network-prohibited
   host-prohibited
   TOS-network-unreachable
   TOS-host-unreachable
   communication-prohibited
   host-precedence-violation
   precedence-cutoff
source-quench
redirect
   network-redirect
   host-redirect
   TOS-network-redirect
   TOS-host-redirect
echo-request (ping)
router-advertisement
router-solicitation
time-exceeded (ttl-exceeded)
   ttl-zero-during-transit
   ttl-zero-during-reassembly
parameter-problem
   ip-header-bad
   required-option-missing
timestamp-request
timestamp-reply
address-mask-request
address-mask-reply

 

If you want to allow any type of ICMP packet, the following command can be used.

iptables -A INPUT -p icmp -j ACCEPT

 

Typically, only ICMP echo requests are allowed. The following command will allow only ICMP echo requests on the INPUT chain, so that the system running iptables can be pinged.

Notice that the --icmp-type option contains a value of echo-request. Instead of using a value of echo-request, you could use a value of 8. This option accepts either the numeric value or the literal name of the ICMP type.

iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT

 

The -L or --list option can be used to display the rules to ensure the rule was added.

The iptables-save command will need to be used to permanently save the iptables rules.
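
As an added example (not part of the original article), the following shell function audits iptables-save output and reports whether the INPUT chain accepts only echo requests or every ICMP type. The sample rules are constructed, and the function name audit_icmp and the OK/BROAD/REVIEW labels are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example: audit which ICMP types the INPUT chain accepts.
# On a live host (as root): iptables-save | audit_icmp

# Constructed sample in iptables-save format, not from a real system.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
COMMIT'

# audit_icmp (hypothetical name): reads iptables-save text on stdin and
# prints one finding per INPUT rule that accepts ICMP:
#   OK     - only echo-request (name or numeric type 8)
#   BROAD  - no --icmp-type (or "any"), so every ICMP type is accepted
#   REVIEW - some other or negated type that needs a human look
audit_icmp() {
  awk '
    $1 == "-A" && $2 == "INPUT" {
      proto = ""; type = ""; target = ""
      for (i = 3; i <= NF; i++) {
        if ($i == "-p" || $i == "--protocol") proto = $(i + 1)
        if ($i == "-j" || $i == "--jump") target = $(i + 1)
        if ($i == "--icmp-type") {
          type = $(i + 1)
          if ($(i - 1) == "!") type = "!" type   # negated match
        }
      }
      if (proto != "icmp" || target != "ACCEPT") next
      if (type == "" || type == "any") print "BROAD all-icmp-types"
      else if (type == "8" || type == "echo-request") print "OK echo-request"
      else print "REVIEW type=" type
    }'
}

printf '%s\n' "$SAMPLE_RULES" | audit_icmp
```

A BROAD finding means a rule like the allow-any command above is present, so the echo-request rule is not the only path for ICMP into the host.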



