Iptables in CentOS about ping configuration

Environment:
OS: CentOS 2.6.18-308.16.1.el5
Iptables: iptables v1.3.5

I just learned how to configure iptables in Linux. I want to begin with simple ping control; simple as it is, I still ran into several problems.

First, all rules are cleared, and the default policy of the filter chains is set to DROP:

```shell
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
```

With this in place, a ping attempt looks like this:

Now set the rules that allow ping to work:

```shell
iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
```

At this point the key rules for ping are configured. Test:

```shell
ping 202.204.80.166
```

However, I ran into a problem here. My test was to ping 127.0.0.1, but it never got through. I thought the rules were set incorrectly, but I could not find the reason. It later turned out that this IP address is special: to ping it you also need rules that let the local loopback interface (lo) pass through the firewall. The settings are as follows:

```shell
iptables -A INPUT -i lo -p all -j ACCEPT
iptables -A OUTPUT -o lo -p all -j ACCEPT
```

Now ping 127.0.0.1 again.

However, while you can ping an IP address directly at this point, pinging a domain name fails. The reason is that we are dropping the packets the operating system sends during DNS resolution. So we must add rules that allow the system to resolve domain names:

```shell
iptables -A INPUT -p udp --sport 53 -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
```

After that, ping by domain name works as well.

Finally, save the rules set above:

```shell
service iptables save
```

My iptables configuration file is as follows.
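As an added example (not from the original post), the whole ruleset above collected into one script so it can be applied in the right order in a single step. The iptables command name is a parameter so the function can be dry-run with `echo`; the `-F` flush is an assumption, since the post only says the rules were cleared.

```shell
#!/bin/sh
# Added example, not the post's own script: apply the post's ping-only ruleset on
# CentOS 5 / iptables 1.3.5. The command name is a parameter so that
# "configure_ping_firewall echo" prints the rules instead of applying them.
configure_ping_firewall() {
    ipt="${1:-iptables}"

    # 1. Clear existing rules (assumed: the post only says "all rules are cleared"),
    #    then default-deny every filter chain, the post's starting point.
    "$ipt" -F
    "$ipt" -P INPUT DROP
    "$ipt" -P OUTPUT DROP
    "$ipt" -P FORWARD DROP

    # 2. Let this host ping others: outgoing echo-request, incoming echo-reply.
    "$ipt" -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
    "$ipt" -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT

    # 3. Loopback: without these, "ping 127.0.0.1" is dropped by the DROP policies.
    "$ipt" -A INPUT -i lo -p all -j ACCEPT
    "$ipt" -A OUTPUT -o lo -p all -j ACCEPT

    # 4. DNS over UDP so "ping hostname" can resolve. Note that the INPUT rule admits
    #    any UDP packet whose source port is 53, which is looser than a stateful
    #    "-m state --state ESTABLISHED" match (not used by the post).
    "$ipt" -A OUTPUT -p udp --dport 53 -j ACCEPT
    "$ipt" -A INPUT -p udp --sport 53 -j ACCEPT
}

# Number of iptables invocations the function makes; useful to check a dry run.
count_ping_rules() {
    configure_ping_firewall echo | wc -l | tr -d ' '
}
```

Run it as root with `configure_ping_firewall` and then `service iptables save`, as in the post; run `configure_ping_firewall echo` first to review the exact commands.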