[已解決]請問下iptables啟用后不能ping的原因？

nameofhsw

配置IPTABLES的目的是，允許所有人訪問，但是輸出只允許到指定IP
iptables配置內(nèi)容如下:

1. 
   
2. # Firewall configuration written by system-config-firewall
   
3. # Manual customization of this file is not recommended.
   
4. *filter
   
5. :INPUT ACCEPT [0:0]
   
6. :FORWARD ACCEPT [0:0]
   
7. :OUTPUT ACCEPT [0:0]
   
8. -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
   
9. -A INPUT -p icmp -j ACCEPT
   
10. -A INPUT -i lo -j ACCEPT
    
11. -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
    
12. -A OUTPUT -p tcp -d 127.0.0.1 -j ACCEPT
    
13. -A OUTPUT -p tcp -d 192.168.81.138 -j ACCEPT
    
14. -A OUTPUT -p tcp -d 192.168.81.232 -j ACCEPT
    
15. 
    
16. -A OUTPUT -j REJECT --reject-with icmp-host-prohibited
    
17. -A FORWARD -j REJECT --reject-with icmp-host-prohibited
    
18. COMMIT

復制代碼

啟用后，無法ping，也無法被ping，要怎么修改才能被允許的IP地址ping通呢？

jixuuse

-A OUTPUT -j REJECT --reject-with icmp-host-prohibited

你都不許朝外回復icmp了

lyhabc

-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A OUTPUT -p tcp -d 127.0.0.1 -j ACCEPT
-A OUTPUT -p tcp -d 192.168.81.138 -j ACCEPT
-A OUTPUT -p tcp -d 192.168.81.232 -j ACCEPT
前面無問題
-A OUTPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited

后面這兩句刪掉