How to enable ufw firewall to allow icmp response?

server firewall 10.04

Solution 1:

ufw does not allow specifying icmp rules via the command line interface command. It does allow you to adjust your ruleset via its rules files, which are iptables-restore style files.

ufw does allow certain icmp traffic by default including icmp echo reply, and this is already configured by default in /etc/ufw/before.rules:

-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT

If your host is not responding to ping, look in this file to make sure the above line is present and if that doesn't work, look at the pinging host and any firewalls between them.

Solution 2:

For Ubuntu 18.04, you should have the following rules in your /etc/ufw/before.rules file:

# ok icmp codes for INPUT
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-input -p icmp --icmp-type source-quench           -j ACCEPT
-A ufw-before-input -p icmp --icmp-type time-exceeded           -j ACCEPT
-A ufw-before-input -p icmp --icmp-type parameter-problem       -j ACCEPT
-A ufw-before-input -p icmp --icmp-type echo-request            -j ACCEPT

# ok icmp code for FORWARD
-A ufw-before-forward -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-forward -p icmp --icmp-type source-quench           -j ACCEPT
-A ufw-before-forward -p icmp --icmp-type time-exceeded           -j ACCEPT
-A ufw-before-forward -p icmp --icmp-type parameter-problem       -j ACCEPT
-A ufw-before-forward -p icmp --icmp-type echo-request            -j ACCEPT

These were in my default file.

Of course, be sure that this is really the problem. My issue was that my computer was blocking pings from getting out to the network where the server I was trying to ping existed. I ended up using a web site that was already out on the internet to do the ping for me (e.g. https://ping.eu/ping/).

Solution 3:

Add the following to the /etc/ufw/before.rules file:

# allow outbound icmp
-A ufw-before-output -p icmp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A ufw-before-output -p icmp -m state --state ESTABLISHED,RELATED -j ACCEPT

After editing the file, run the command:

sudo ufw reload

Related

Ubuntu 12.04 on Amazon EC2: /dev/xvda1 will be checked for errors at next reboot?
Install Popcorn Time from source files
How to get GNOME Shell Calendar to sync with Google Calendar with Thunderbird installed?
Do Unity webapps work in Google Chrome?
/casper/vmlinuz: not found
File permissions won't change
Is there a workaround for the RFC 5961 Linux TCP flaw?
How to install gnome shell extensions offline?
How to remove Nvidia HDMI audio output in PulseAudio?
What is the command line equivalent for the update manager (Software Updater)?
What is "/dev/mapper/ubuntu--vg--root"?
"E: Unable to locate package update" when I try to update my system, why?