On Friday 19 April 2002 10:48 am, -LuCkYdUcK- wrote:

> $IPTABLES -A INPUT -i lo -j ACCEPT
> $IPTABLES -A OUTPUT -o lo -j ACCEPT
>
> # Set the firewall policy
> $IPTABLES --policy INPUT DROP
> $IPTABLES --policy OUTPUT DROP
> $IPTABLES --policy FORWARD DROP
>
> $IPTABLES -t nat --policy PREROUTING DROP
> $IPTABLES -t nat --policy OUTPUT DROP
> $IPTABLES -t nat --policy POSTROUTING DROP
>
> $IPTABLES -t mangle --policy PREROUTING DROP
> $IPTABLES -t mangle --policy OUTPUT DROP
>
> ######################################################################
>
> My problem is that if I try to ping myself (127.0.0.1) after I've parsed
> the script the following error-msg is displayed:
>
> sendto: Operation not permitted

Yes, your first rules in the INPUT and OUTPUT chains will allow loopback packets; however you have set the policy for NAT and MANGLE to DROP, so your packets are going to get blocked there instead - after the OUTPUT chain, and before the INPUT chain.

I suggest you do not set the default policy on NAT and MANGLE to DROP (I don't think it really does anything for you), or if you don't want to do that, add some rules to allow loopback packets first.

Antony.
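
A check for the condition discussed in this thread, as an added example that is not part of the original messages: it scans iptables-save output for built-in chains in tables other than filter whose policy is DROP, and prints the commands that would reset them. The function names and the sample dump are constructed here for illustration.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump for DROP policies outside "filter".

# Constructed sample modelled on the quoted script (counters zeroed).
sample_dump() {
cat <<'EOF'
*mangle
:PREROUTING DROP [0:0]
:OUTPUT DROP [0:0]
COMMIT
*nat
:PREROUTING DROP [0:0]
:POSTROUTING DROP [0:0]
:OUTPUT DROP [0:0]
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
COMMIT
EOF
}

# Reads iptables-save output on stdin; prints "table chain" for each built-in
# chain whose policy is DROP in a table other than filter. User-defined chains
# carry "-" as their policy, so they never match.
# Exit status: 0 if nothing was flagged, 1 otherwise.
nonfilter_drop_policies() {
    awk '
        /^\*/ { table = substr($1, 2); next }   # "*nat" opens a table section
        /^:/  { if (table != "filter" && $2 == "DROP") {
                    print table, substr($1, 2); found = 1 } }
        END   { exit found ? 1 : 0 }
    '
}

# Prints (does not run) the -P commands that set each flagged policy to ACCEPT.
suggest_fix() {
    nonfilter_drop_policies | while read -r table chain; do
        echo "iptables -t $table -P $chain ACCEPT"
    done
}
```

On a live host, run it as `iptables-save | nonfilter_drop_policies` with root privileges; packet filtering then stays in the filter table, where the loopback ACCEPT rules already are.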
