Carlos E. R. wrote:
The issue is - if it is a default, it is in the migration script and that would be weird.
Try running "iptables --list -n" and maybe grep for 'icmp'
Telcontar:~ # iptables --list -n | grep -i icmp ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED REJECT all -- 0.0.0.0/0 0.0.0.0/0 owner GID match 1011 reject-with icmp-port-unreachable
That is an odd one, I don't think I have ever seen anything like that.
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 4 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 ACCEPT icmp -- 192.168.1.1 0.0.0.0/0 ctstate NEW,RELATED,ESTABLISHED ACCEPT icmp -- 192.168.1.5 0.0.0.0/0 ctstate NEW,RELATED,ESTABLISHED ACCEPT icmp -- 192.168.1.6 0.0.0.0/0 ctstate NEW,RELATED,ESTABLISHED ACCEPT icmp -- 192.168.1.29 0.0.0.0/0 ctstate NEW,RELATED,ESTABLISHED ACCEPT icmp -- 192.168.1.15 0.0.0.0/0 ctstate NEW,RELATED,ESTABLISHED ACCEPT icmp -- 192.168.1.16 0.0.0.0/0 ctstate NEW,RELATED,ESTABLISHED
Those were clearly added by yourself. I am a bit puzzled regarding 'ctstate' for ICMP traffic, but that is likely a personal shortcoming :-)
ACCEPT icmp -- 192.168.1.1 0.0.0.0/0 ctstate NEW,RELATED,ESTABLISHED ACCEPT icmp -- 192.168.1.5 0.0.0.0/0 ctstate NEW,RELATED,ESTABLISHED ACCEPT icmp -- 192.168.1.6 0.0.0.0/0 ctstate NEW,RELATED,ESTABLISHED ACCEPT icmp -- 192.168.1.29 0.0.0.0/0 ctstate NEW,RELATED,ESTABLISHED ACCEPT icmp -- 192.168.1.15 0.0.0.0/0 ctstate NEW,RELATED,ESTABLISHED ACCEPT icmp -- 192.168.1.16 0.0.0.0/0 ctstate NEW,RELATED,ESTABLISHED
That is more stuff that you have added. It looks to me as if you accept type 4 (weird, "source quench?" ) type 8 (ping request) I expect you didn't actually add those ICMP rules yourself, but the host addresses must have come from you. -- Per Jessen, Zürich (14.5°C) Member, openSUSE Heroes (2016 - present) We're hiring - https://en.opensuse.org/openSUSE:Heroes