Linux – Getting firewalld to allow ping requests


On CentOS 7, I have installed and set up firewalld as follows:

  1. Add ssh service to drop zone permanently (sudo firewall-cmd --zone=drop --permanent --add-service=ssh)
  2. Make drop zone the default zone so that all non ssh requests are dropped (sudo firewall-cmd --set-default-zone=drop)

I have taken the above approach as I want to drop all incoming requests apart from those that I have configured (ssh, http, etc). However, I find that I can no longer ping the CentOS server and I believe this is because of the default zone being drop.

My question is quite simple. Can anybody shed some light as to how I can edit the configuration of the drop zone so that it allows me to ping the server from outside?

Many thanks. I am a novice with firewalls, networking, etc, but I am hoping this will be an easy question for someone to answer :)

Best Answer

Add the following "iptables" rule to firewalld

firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p icmp -s <source-address> -d <destination-address> -j ACCEPT
sudo systemctl restart firewalld.service
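
The direct rule in the answer matches `-p icmp` with no type, so it accepts every ICMP message type, not just ping. The following is an added example (not part of the original answer) that prints a narrower direct rule accepting only echo-request from a validated source network, and flags rule lines that accept ICMP without a type. The function names and the 192.0.2.0/24 network are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original answer. Function names are hypothetical;
# 192.0.2.0/24 is a constructed documentation network.

# Return 0 if $1 is an IPv4 address in CIDR form (a.b.c.d/0-32).
valid_ipv4_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}
    prefix=${1##*/}
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#prefix}" -le 2 ] && [ "$prefix" -le 32 ] || return 1
    # Digits and dots only (also keeps the unquoted split below glob-safe).
    case "$addr" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print (do not run) a direct rule that accepts only ICMP echo-request
# from the source network given in $1. Rejects anything that is not a CIDR.
ping_rule_cmd() {
    valid_ipv4_cidr "$1" || { echo "invalid IPv4 CIDR: $1" >&2; return 1; }
    printf '%s\n' "firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p icmp --icmp-type echo-request -s $1 -j ACCEPT"
}

# Return 0 if a rule line (as listed by 'firewall-cmd --direct --get-all-rules')
# accepts ICMP without restricting the ICMP type.
is_broad_icmp_rule() {
    case "$1" in
        *"-p icmp"*"--icmp-type"*) return 1 ;;
        *"-p icmp"*"-j ACCEPT"*)   return 0 ;;
        *)                         return 1 ;;
    esac
}

# Demonstration on constructed input.
ping_rule_cmd 192.0.2.0/24
```

Run the printed command with sudo and restart or reload firewalld as in the answer; an untyped ICMP accept rule that is already installed will still show up when its line is passed to `is_broad_icmp_rule`.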