Packets from the Internet that are accepted for the ICMP protocol in the following
example are those of ICMP types 8 and 11. Type 8 (Echo Request) lets your computer
accept the echo requests that ping sends, making it possible for people to ping your
computer to see whether it is available (your answer goes back out as type 0, Echo Reply).
Type 11 (Time Exceeded) is the message a router returns when a packet's time to live (TTL)
expired in transit; accepting it means you receive those Time Exceeded messages. (You need
to accept type 11 messages for the traceroute command to show the routers along the path
to a host, which is how you find broken routes to hosts you want to reach.)
# iptables -A INPUT -p ICMP -i eth0 -s 0/0 --icmp-type 8 -j ACCEPT
# iptables -A INPUT -p ICMP -i eth0 -s 0/0 --icmp-type 11 -j ACCEPT
These two lines define rules for ICMP packets that come into the computer on the first
Ethernet interface (eth0) from any source (-s 0/0). The first line says to ACCEPT type 8
service, and the second says to ACCEPT type 11 service.
5. The following are examples of commands that define the packets that are allowed into
and out of the computer from the computer itself (over the loopback interface, lo) or from
the private LAN that the firewall is protecting:
# iptables -A INPUT -p ALL -i lo -s 127.0.0.1 -j ACCEPT
# iptables -A INPUT -p ALL -i lo -s 10.0.0.1 -j ACCEPT
# iptables -A INPUT -p ALL -i lo -s
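The two rule groups above (the ICMP rules for eth0 and the loopback rules) gathered into one
script, as an added example that is not part of the book's own text. It prints the iptables
commands by default (IPT is set to "echo iptables"), so you can review the rule set before running
it as root with IPT=iptables. The interface name eth0, the LAN address 10.0.0.1 and the optional
type 0 and type 3 rules are assumptions of this example: the book accepts only types 8 and 11,
but without type 0 (Echo Reply) replies to your own pings are dropped unless another rule admits
them, and UDP-based traceroute recognises its final destination through a type 3 (Destination
Unreachable, port unreachable) message.

```shell
#!/bin/sh
# Added example, not the book's code.  Builds the ICMP and loopback INPUT
# rules as shell functions.  Dry run by default: IPT expands to "echo iptables"
# so the commands are printed; run with IPT=iptables as root to apply them.
IPT="${IPT:-echo iptables}"
EXT_IF="${EXT_IF:-eth0}"       # Internet-facing interface (assumption)
LAN_IP="${LAN_IP:-10.0.0.1}"   # this firewall's own address on the private LAN (assumption)

# ICMP from any Internet source: type 8 so others can ping this host,
# type 11 so traceroute run from this host sees each hop's Time Exceeded.
icmp_rules() {
    for t in 8 11; do
        $IPT -A INPUT -p icmp -i "$EXT_IF" -s 0/0 --icmp-type "$t" -j ACCEPT
    done
}

# Extension beyond the book's two types (assumption; enabled with ICMP_EXTRA=1):
# type 0 admits replies to our own pings, type 3 lets UDP traceroute
# recognise the final destination's port-unreachable answer.
icmp_extra_rules() {
    for t in 0 3; do
        $IPT -A INPUT -p icmp -i "$EXT_IF" -s 0/0 --icmp-type "$t" -j ACCEPT
    done
}

# Loopback: traffic the host sends to itself, whether it is addressed to
# 127.0.0.1 or to the host's own LAN address (such traffic still arrives on lo).
loopback_rules() {
    for src in 127.0.0.1 "$LAN_IP"; do
        $IPT -A INPUT -p all -i lo -s "$src" -j ACCEPT
    done
}

# Review helper: count the ACCEPT rules a rule function would emit.
# Runs the function in a subshell with IPT forced to dry-run mode, so it
# never touches the live firewall even when IPT=iptables was exported.
count_rules() {
    (IPT="echo iptables"; "$1") | grep -c -- '-j ACCEPT'
}

icmp_rules
if [ "${ICMP_EXTRA:-0}" = 1 ]; then
    icmp_extra_rules
fi
loopback_rules
```

After applying the rules for real, confirm what is in place with `iptables -L INPUT -n -v --line-numbers`,
then ping and traceroute the host from another machine to check that types 8 and 11 behave as described.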