<table cellspacing="0" cellpadding="0" border="0" ><tr><td valign="top" style="font: inherit;">Hi,<br><br>I am trying to understand how iptables work. I have a CentOS install and I am trying to enable ping/tracert on that instance. I don't understand if every port is open or closed by default on that instance? What does an empty rule mean? Every port opne or every port clodes?<br><br>And after I added the icmp rules, are other ports open or is icmp the only traffic allowed?<br><br>Here are the default iptables<br><br>---------------------------<br>$ sudo iptables -L -n<br>Chain INPUT (policy ACCEPT)<br>target prot opt source destination<br><br>Chain FORWARD (policy ACCEPT)<br>target prot opt source destination<br><br>Chain OUTPUT (policy
ACCEPT)<br>target prot opt source destination<br>--------------------------<br><br>After some research, I did this to try to enable PINGs. The server IP is 10.161.82.237<br><br>---------------------------<br>$ SERVER_IP="10.161.82.237"<br>$ sudo iptables -A INPUT -p icmp --icmp-type 8 -s 0 /0 -d $SERVER_IP -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT<br><br>$ sudo iptables -A OUTPUT -p icmp --icmp-type 0 -s $SERVER_IP -d 0/0 -m state --state ESTABLISHED,RELATED -j ACCEPT<br><br>-------------------------------<br>Check
the new tables<br>--------------------------------<br>$ sudo iptables -L -n<br>Chain INPUT (policy ACCEPT)<br>target prot opt source destination<br>ACCEPT icmp -- 0.0.0.0/0 10.161.82.237 icmp type 8 state NEW,RELATED,ESTABLISHED<br><br>Chain FORWARD (policy ACCEPT)<br>target prot opt source destination<br><br>Chain OUTPUT (policy ACCEPT)<br>target prot opt source destination<br>ACCEPT icmp -- 10.161.82.237
0.0.0.0/0 icmp type 0 state RELATED,ESTABLISHED<br><br>-----------------------------------<br><br>The tracert or ping still time out.<br><br>Thanks<br><br>Fred<br><br></td></tr></table>