Comments on: Traceroutes time out after turning on an iptables firewall http://www.brandonchecketts.com/archives/traceroutes-time-out-after-turning-on-an-iptables-firewall Web Programming, Linux System Administation, and other geeky stuff Thu, 05 Jan 2012 11:11:59 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Brandonhttp://www.brandonchecketts.com/archives/traceroutes-time-out-after-turning-on-an-iptables-firewall/comment-page-1#comment-81 Brandon Sun, 08 Apr 2007 14:49:48 +0000 http://www.brandonchecketts.com/archives/50#comment-81 The rule just stops the firewall from dropping the packets before they get to the kernel. Since there is nothing listening on the ports, it will then reply with the ICMP 'port unreachable' packet as it normally would. The rule just stops the firewall from dropping the packets before they get to the kernel. Since there is nothing listening on the ports, it will then reply with the ICMP ‘port unreachable’ packet as it normally would.

]]> By: Mark Mathsonhttp://www.brandonchecketts.com/archives/traceroutes-time-out-after-turning-on-an-iptables-firewall/comment-page-1#comment-77 Mark Mathson Wed, 04 Apr 2007 21:41:32 +0000 http://www.brandonchecketts.com/archives/50#comment-77 Good post Brandon...Does this rule you added open the ports specified for udp or just effectively allow communication to them, but keeping them closed?## Allow traceroutes, which send a packet to a UDP port in this general range iptables -A INPUT -s 0/0 -p udp –destination-port 33441:33500 -j ACCEPT Good post Brandon…

Does this rule you added open the ports specified for udp or just effectively allow communication to them, but keeping them closed?

## Allow traceroutes, which send a packet to a UDP port in this general range
iptables -A INPUT -s 0/0 -p udp –destination-port 33441:33500 -j ACCEPT

]]>