I want to enable ICMP echo-reply in a zone defined by source.
I have a zone MONITORING where I want to permit some services like mysql and echo-reply. Permiting services like mysql is simple, but I can't figure out how to enable echo-reply without using direct rules. Is it possible?
Main interface uses BLOCK zone, so packets are rejected with icmp-host-prohibited, when they don't fall to zone MONITORING.
Thanks
