Enable ICMP Ping in CentOS at startup? (Lunix noob)

[Vini]

We got a couple of CentOS VA's running in our environment, which don't support/have ICMP Ping enabled at boot.

Each time we reboot them, I'm having to manually login and enable Ping, by running;

iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT


Any ideas how I could add this to 'startup', so I can save an hour of my day each time these bounce? Surely it can't be too tricky?

[DanceswithUnix]

The firewall config is probably in /etc/sysconfig/iptables

It is a text file, I ignore the banner at the top telling you not to manually edit it and hit it with VI.
On my Centos 6 box I have the line:

-A INPUT -p icmp -j ACCEPT

just above the one that accepts anything on the loopback port lo.

[DBarber]

been a while since i used iptables but there is a method of saving the new rules after they have been entered.
FWIR the best method is to have a table file of extra rules eg /etc/xtrarules and add them to the interface at pre-up or depending on the config once the commands have been entered just use the command to save the rules in the rules file eg
sudo iptables-save > /etc/rules.txt

[Vini]

Thanks guys, I should have mentioned, I'm a Linux-tard, so DBarber, whilst your solution sounds better... I'm not entirely sure how that would be done.

My linux skills run to VI, and I can just about fathom out how to save and quit, although remembering usually takes 30 minutes or so.

[DanceswithUnix]

Thanks guys, I should have mentioned, I'm a Linux-tard, so DBarber, whilst your solution sounds better... I'm not entirely sure how that would be done.

My linux skills run to VI, and I can just about fathom out how to save and quit, although remembering usually takes 30 minutes or so.

Which version of Centos are you running?

Configuration in Centos goes in /etc/sysconfig/* so best not to fight that, just roll with it.

[Vini]

Bizarrely, I just configured RatticDB as per this; https://wiki.gutzmann.com/confluence...+on+CentOS+6.5

And would you believe it, but check out the final step.

vi /etc/sysconfig/iptables
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT

service iptables restart

[Splash]

SSH and SSL? Not sure what that has to do with ICMP ping...

http://crybit.com/iptables-rules-for-icmp/ should give you all that you need for ICMP.

EDIT: ok, so you need to save them too. http://wiki.centos.org/HowTos/Network/IPTables should give you all you need on that front.

[yamangman]

A little OP, but this is why I love(d) slackware. The file-foo was hammered into you. None of this lazy command-based settings malarky. There was a post by mercurial author Matt Mackall that explained what I mean better than I have .