Hello. My firewall looks like so:

    iptables -A INPUT -p tcp -s 0/0 -d <IP> --dport 23 -m limit --limit 6/minute -j LOG --log-prefix "TELNET_ATTEMPT "
    iptables -A INPUT -p udp -s 0/0 -d <IP> --dport 23 -m limit --limit 6/minute -j LOG --log-prefix "TELNET_ATTEMPT "
    iptables -A INPUT -p icmp -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A INPUT -p tcp -d <IP> --dport 23 -j DROP
    iptables -A INPUT -p udp -d <IP> --dport 23 -j DROP
    iptables -A INPUT -p tcp -d <IP> --dport 21 -j ACCEPT
    iptables -A INPUT -p udp -d <IP> --dport 21 -j ACCEPT
    iptables -A INPUT -p tcp -d <IP> --dport 22 -j ACCEPT
    iptables -A INPUT -p udp -d <IP> --dport 22 -j ACCEPT
    iptables -A INPUT -p tcp -d <IP> --dport 113 -j ACCEPT
    iptables -A INPUT -p udp -d <IP> --dport 113 -j ACCEPT
    iptables -A INPUT -d <IP> -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A INPUT -d <IP> -m state --state INVALID -m limit --limit 3/minute -j LOG --log-prefix "ATTEMPT "
    iptables -A INPUT -d <IP> -j DROP

Before, I did not have the third line in my firewall script (dealing with ICMP). If I'm on the machine with this script running, I cannot ping anything. All gets dropped. But if I put the ICMP accept line in, then it is able to ping. I know that makes sense, but shouldn't the line later on (third from last) do the same thing, as an iptables -L -n will yield an iptables accept line stating a protocol of all? It only accepts ICMP if implicitly stated on a separate line.

Thanks,
Aton
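To reason about the question above, here is an added example (not code from the original post) that models the quoted INPUT chain as a first-match list and evaluates sample ICMP packets against it, with and without the dedicated ICMP line. The only difference between that line and the generic RELATED,ESTABLISHED rule is the `-d <IP>` restriction, so the model shows which packets the generic rule misses. HOST_IP, the second address 10.0.0.5 and the packets are constructed sample data; the non-terminating LOG rules are omitted because they never decide a verdict.

```python
# Minimal first-match model of the INPUT chain from the post.
# Each rule is a dict of optional match fields plus a target and a name.
HOST_IP = "192.0.2.10"  # constructed stand-in for <IP> in the post

def build_chain(host_ip, with_icmp_rule):
    """Return the terminating rules of the chain, in the order the post lists them."""
    est = {"RELATED", "ESTABLISHED"}
    chain = []
    if with_icmp_rule:  # the "third line": note it has no -d <IP>
        chain.append(dict(proto="icmp", states=est, target="ACCEPT", name="icmp RELATED,ESTABLISHED"))
    chain += [
        dict(proto="tcp", dst=host_ip, dport=23, target="DROP", name="telnet tcp"),
        dict(proto="udp", dst=host_ip, dport=23, target="DROP", name="telnet udp"),
        dict(proto="tcp", dst=host_ip, dport=21, target="ACCEPT", name="ftp tcp"),
        dict(proto="udp", dst=host_ip, dport=21, target="ACCEPT", name="ftp udp"),
        dict(proto="tcp", dst=host_ip, dport=22, target="ACCEPT", name="ssh tcp"),
        dict(proto="udp", dst=host_ip, dport=22, target="ACCEPT", name="ssh udp"),
        dict(proto="tcp", dst=host_ip, dport=113, target="ACCEPT", name="ident tcp"),
        dict(proto="udp", dst=host_ip, dport=113, target="ACCEPT", name="ident udp"),
        # "third from last": protocol all, but restricted to -d <IP>
        dict(dst=host_ip, states=est, target="ACCEPT", name="generic RELATED,ESTABLISHED"),
        dict(dst=host_ip, target="DROP", name="final drop"),
    ]
    return chain

def matches(rule, pkt):
    """Every match field present in the rule must agree with the packet."""
    if "proto" in rule and rule["proto"] != pkt["proto"]:
        return False
    if "dst" in rule and rule["dst"] != pkt["dst"]:
        return False
    if "dport" in rule and rule["dport"] != pkt.get("dport"):  # ICMP has no port
        return False
    if "states" in rule and pkt["state"] not in rule["states"]:
        return False
    return True

def verdict(chain, pkt):
    """First matching terminating rule wins; "POLICY" means the chain policy decides."""
    for rule in chain:
        if matches(rule, pkt):
            return rule["target"], rule["name"]
    return "POLICY", "chain policy"

if __name__ == "__main__":
    reply_to_host = {"proto": "icmp", "dst": HOST_IP, "state": "ESTABLISHED"}
    reply_to_other = {"proto": "icmp", "dst": "10.0.0.5", "state": "ESTABLISHED"}
    for with_icmp in (False, True):
        chain = build_chain(HOST_IP, with_icmp)
        print(with_icmp, verdict(chain, reply_to_host), verdict(chain, reply_to_other))
```

A ping reply addressed to <IP> in state ESTABLISHED is accepted by the generic rule even without the ICMP line; a reply to any other local address, or one conntrack does not classify as ESTABLISHED, is not, which is where the two rules differ.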