ICMP with default deny on outbound

Asked by basc

I have GUFW set up to deny all outbound by default, and I add rules to allow certain ports as needed. It seems this is blocking my outbound pings and I don't see a way to set a rule to allow them.

I did check /etc/ufw/before.rules and it does have the following:

# ok icmp codes for INPUT
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-input -p icmp --icmp-type source-quench -j ACCEPT
-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT

# ok icmp code for FORWARD
-A ufw-before-forward -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-forward -p icmp --icmp-type source-quench -j ACCEPT
-A ufw-before-forward -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-forward -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-forward -p icmp --icmp-type echo-request -j ACCEPT

Is there a way to allow outbound ICMP while keeping gufw set to default deny outbound?

Question information

Language: English
Status: Expired
For: Ubuntu ufw
Assignee: No assignee

Launchpad Janitor (janitor) said :
#1

This question was expired because it remained in the 'Open' state without activity for the last 15 days.

basc (basc) said :
#2

Not sure if anyone still uses this forum, but bumping just in case...

Launchpad Janitor (janitor) said :
#3

This question was expired because it remained in the 'Open' state without activity for the last 15 days.

Axl (axel-werner-1973) said :
#4

This is STILL a thing if someone does "ufw default deny|reject outgoing"!! Still not really "solved" within ufw, it seems.
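
One way to let pings out while keeping default deny outbound, as an added example that is not part of the original thread or ufw's own code: mirror the INPUT echo-request rule quoted in the question into the ufw-before-output chain of before.rules. The function name is hypothetical, and the example assumes before.rules declares ufw-before-output in its *filter table and already accepts RELATED,ESTABLISHED return traffic.

```shell
#!/bin/sh
# Added example: allow outbound ICMP echo-request under "default deny outgoing".
# Only echo-request is opened; the other ICMP types stay blocked outbound.
PING_RULE='-A ufw-before-output -p icmp --icmp-type echo-request -j ACCEPT'

# allow_outbound_ping FILE  (hypothetical helper name)
# Inserts PING_RULE just before the COMMIT that closes the *filter table.
# Returns 0 on success or if the rule is already there, 1 otherwise.
allow_outbound_ping() {
    rules_file=$1

    # Idempotent: leave the file alone if the exact rule line exists.
    if grep -qxF -e "$PING_RULE" "$rules_file"; then
        return 0
    fi

    # Refuse to edit a file that does not declare the chain (assumed layout).
    grep -q '^:ufw-before-output ' "$rules_file" || return 1

    tmp=$(mktemp) || return 1
    awk -v rule="$PING_RULE" '
        /^\*filter/ { in_filter = 1 }
        in_filter && /^COMMIT/ {
            print "# ok icmp code for OUTPUT (added)"
            print rule
            in_filter = 0
        }
        { print }
    ' "$rules_file" > "$tmp" && cat "$tmp" > "$rules_file"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Typical use, as root, after backing up the file:
#   allow_outbound_ping /etc/ufw/before.rules && ufw reload
```

Test the function on a copy of before.rules first; the inserted rule takes effect only after ufw reloads its rules.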