Allow the firewall to enter ICMP rules

Discussion in 'General Questions' started by markx31, Mar 22, 2012.

  1. markx31

    markx31 New Member

    Messages:
    1
    We run PVA and manage the linux firewalls via PVA firewall tool.

    We have a server that makes use of ping however when we set the firewall to drop default policy there is no way to allow ICMP out.
  2. MattiasJ

    MattiasJ Bit Poster

    Messages:
    1
    You have to enter icmp rules manually on the VS add the following to /etc/sysconfig/iptables

    -A VZ_INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
    -A VZ_INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
    -A VZ_OUTPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
    -A VZ_OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

    Then restart iptables

    /etc/init.d/iptables restart

    The manually entered rules will not show up in pva and will not be over written by pva.

Share This Page