Just had an issue with the firewall filter and maybe I'm not quite understanding the way IPTABLES does firewalling.
So my goal is to allow for ICMP traffic destined to the router, but only when sourced from the router. This way the router can source pings/traces/whatever ICMP related for troubleshooting.
I have firewall rules like this:
14 X ;;; ROUTER PROTECTION | ALLOW ROUTER ICMP | ETHERNET 1
chain=input action=accept protocol=icmp src-address-type=local in-interface=CENTURYLINK
15 X ;;; ROUTER PROTECTION | ALLOW ROUTER ICMP | ETHERNET 2
chain=input action=accept protocol=icmp src-address-type=local in-interface=Ethernet 2
18 ;;; ROUTER PROTECTION | DROP ALL | ETHERNET 1
chain=input action=drop in-interface=CENTURYLINK
19 ;;; ROUTER PROTECTION | DROP ALL | ETHERNET 2
chain=input action=drop in-interface=Ethernet 2
I also know I have the rules disabled. I do that until I verify why they weren't working. When enabled they still fail....
Thanks