1

I have a Lightsail instance running CentOS 7 and I would like to allow pinging to the instance from the outside. I couldn't find anything in the instance firewall settings.

Lightsail Firewall Page

I have tried running the following commands inside:

$ sudo iptables -A INPUT -p icmp --icmp-type 8 -s 0/0 -d $SERVER_IP -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

$ sudo iptables -A OUTPUT -p icmp --icmp-type 0 -s $SERVER_IP -d 0/0 -m state --state ESTABLISHED,RELATED -j ACCEPT

Unfortunately these commands did not fix the problem. I suspect it's being blocked at the Lightsail-firewall layer. Is there a way to allow ICMP from outside?

rhw5
  • 90
  • 1
  • 7

2 Answers2

2

AWS Lightsail firewall now supports Ping(ICMP):

https://aws.amazon.com/blogs/compute/enhancing-site-security-with-new-lightsail-firewall-features/

Just select Ping(ICMP) from the "Application" drop-down when you add a new rule to your lightsail firewall.

Anonymous
  • 36
  • 2
0

Ping doesn't use TCP, it uses ICMP, a different protocol. If you can't add the ICMP protocol to the Lighsail firewall then you can't ping the instance. This wasn't possible in 2019, and I don't think that's changed yet.

Please don't vote answers down long after they've been answered, just because the answer is no longer valid. Questions / answers are a point in time and most answers will eventually become invalid. Maybe old answers should be protected to prevent this, or people will delete old answers that may still have some value.

Tim
  • 31,888
  • 7
  • 52
  • 78