Allow the firewall to enter ICMP rules

Discussion in 'General Questions' started by markx31, Mar 22, 2012.

  1. markx31

    markx31 Bit Poster

    We run PVA and manage the Linux firewalls via the PVA firewall tool.

    We have a server that makes use of ping; however, when we set the firewall to drop default policy, there is no way to allow ICMP out.
  2. MattiasJ

    MattiasJ Bit Poster

    You have to enter ICMP rules manually on the VS. Add the following to /etc/sysconfig/iptables:

    -A VZ_INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
    -A VZ_INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
    -A VZ_OUTPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
    -A VZ_OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

    Then restart iptables:

    /etc/init.d/iptables restart

    The manually entered rules will not show up in PVA and will not be overwritten by PVA.
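
Added example (not part of either post above, and not PVA tooling): a shell check that reads a rules file in the same format and reports which ping directions the explicit VZ_INPUT/VZ_OUTPUT rules allow. Pinging out needs type 8 (echo request) out and type 0 (echo reply) in; answering pings needs the reverse pair. The function names and sample rules are constructed, and the check assumes no state-tracking rule is accepting replies.

```shell
#!/bin/sh
# Added example: which ping directions do the explicit ICMP rules in an
# /etc/sysconfig/iptables-style file allow? Chain names are from the thread.

REQ='(8|echo-request)'   # ICMP type 8: echo request
REP='(0|echo-reply)'     # ICMP type 0: echo reply

# has_rule FILE CHAIN TYPE_REGEX: succeeds if CHAIN has an ACCEPT rule for that type.
has_rule() {
    grep -Eq -- "^[[:space:]]*-A[[:space:]]+$2[[:space:]].*-p[[:space:]]+icmp[[:space:]].*--icmp-type[[:space:]]+$3[[:space:]].*-j[[:space:]]+ACCEPT" "$1"
}

# ping_directions FILE: prints "outbound=yes|no inbound=yes|no".
ping_directions() {
    outb=no; inb=no
    # Pinging other hosts: request leaves, reply comes back.
    if has_rule "$1" VZ_OUTPUT "$REQ" && has_rule "$1" VZ_INPUT "$REP"; then outb=yes; fi
    # Answering pings: request arrives, reply leaves.
    if has_rule "$1" VZ_INPUT "$REQ" && has_rule "$1" VZ_OUTPUT "$REP"; then inb=yes; fi
    echo "outbound=$outb inbound=$inb"
}

# Demo on a constructed sample (only the two outbound-ping rules) when no file is given.
if [ "$#" -eq 0 ]; then
    sample=$(mktemp)
    cat > "$sample" <<'EOF'
-A VZ_OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A VZ_INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
EOF
    ping_directions "$sample"
    rm -f "$sample"
else
    ping_directions "$1"
fi
```

Pass a path such as /etc/sysconfig/iptables as the first argument to check a real rules file.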
