How to configure iptables ICMP rules on a router? I'm trying to configure iptables rules on a router that allows ICMP (PMTU-D, ping, traceroute, etc.) to function. **GOALS:** 1) Allow **_all_** ICMP outbound traffic...--prophetes.ai

How to configure iptables ICMP rules on a router? I'm trying to configure iptables rules on a router that allows ICMP (PMTU-D, ping, traceroute, etc.) to function. GOALS: 1) Allow _all_ ICMP outbound traffic _initiated_ from the router and internal clients. 2) Allow ICMP inbound traffic _only_ for _replies_ to router and client initiated connections. 3) Drop all other ICMP inbound traffic from the WAN. Questions 1) Are the icmp-types below _reply_ messages to client and router initiated requests ? 0/0 3 14 2) Are icmp-types 5 and 9-12 reply messages ?

**NOTE** : It sounds like this is more of a _firewall_ question than a _router_ question.

Don't even try to worry about various ICMP types and which ones you have to match against which packets to permit in which directions. Just rely on the kernel's connection tracking feature and permit

* all ICMP (or all packets) outbound, and
* inbound packets belonging to existing tracked sessions:

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT