Heya peeps…
Just had an issue with the firewall filter and maybe I’m not quite understanding the way IPTABLES does firewalling.
So my goal is to allow for ICMP traffic destined to the router, but only when sourced from the router. This way the router can source pings/traces/whatever ICMP related for troubleshooting.
I have firewall rules like this:
14 X ;;; ROUTER PROTECTION | ALLOW ROUTER ICMP | ETHERNET 1
chain=input action=accept protocol=icmp src-address-type=local in-interface=CENTURYLINK
15 X ;;; ROUTER PROTECTION | ALLOW ROUTER ICMP | ETHERNET 2
chain=input action=accept protocol=icmp src-address-type=local in-interface=Ethernet 2
However, it still gets caught by my “reject all” a few rules down:
18 ;;; ROUTER PROTECTION | DROP ALL | ETHERNET 1
chain=input action=drop in-interface=CENTURYLINK
19 ;;; ROUTER PROTECTION | DROP ALL | ETHERNET 2
chain=input action=drop in-interface=Ethernet 2
Any reason why this firewall chain doesn’t let in the locally sourced ICMP packets? I thought “src-address-type=local” was supposed to be the differentiator…
I also know I have the rules disabled. I do that until I verify why they weren’t working. When enabled they still fail…
Thanks
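An added example, not part of the original post and not the poster's own configuration, showing the input chain in RouterOS export form with the interface names used above (the rule comments and ordering are assumptions that follow the post's naming style). The point it illustrates: when the router pings an outside host, the echo request leaves through the output chain, and the echo-reply that comes back and hits the input chain carries the remote host as its source address, so src-address-type=local never matches it (that match only fits packets whose source is one of the router's own addresses, such as the router pinging itself). What identifies the reply as belonging to router-originated traffic is connection tracking, hence an established,related accept rule placed before the per-interface drop rules.

```routeros
/ip firewall filter
# Replies to traffic the router itself originated (ICMP echo-reply,
# ICMP errors returned to a traceroute, etc.) are classified by
# connection tracking as established/related. Their source address is
# the remote host, so src-address-type=local does not match them;
# connection-state does. This rule must sit above the drop rules.
add chain=input connection-state=established,related action=accept \
    comment="ROUTER PROTECTION | ALLOW REPLIES TO ROUTER-ORIGINATED TRAFFIC"
# Per-interface catch-all, kept last as in the original post
add chain=input in-interface=CENTURYLINK action=drop \
    comment="ROUTER PROTECTION | DROP ALL | ETHERNET 1"
add chain=input in-interface="Ethernet 2" action=drop \
    comment="ROUTER PROTECTION | DROP ALL | ETHERNET 2"
```

The accept rule is deliberately not limited to protocol=icmp: a ping or traceroute started from the router is only one case of router-originated traffic whose replies arrive on the input chain, and the connection-state match covers them all without opening the router to unsolicited inbound ICMP. Connection tracking has to be active for connection-state to match (it is enabled automatically in RouterOS once a rule references it); if it has been forced off, the rule will never match and the drop rules will still win.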