[lug] (no subject)

Kevin Fenzi kevin at scrye.com
Fri Mar 29 09:44:11 MST 2002



>>>>> "Rob" == Rob Nagler <nagler at bivio.biz> writes:

>> Using iptables, how do I REJECT pings and traceroutes to the box
>> itself?

Rob> iptables -A INPUT -i eth0 -p icmp -j DROP

Be careful here... ICMP is an entire protocol.
If you just want to drop pings (ICMP ECHO), you can do:

iptables -A INPUT -i eth0 -p icmp --icmp-type echo-reply -j DROP

or

iptables -A INPUT -i eth0 -p icmp --icmp-type echo-request -j DROP

There are lots of different ICMP types, many of which are needed for
the correct functioning of your machine on the net. In particular
fragmentation-needed, redirects and TTLs. A partial list:

echo-reply                  
destination-unreachable      
  network-unreachable        
  host-unreachable           
  protocol-unreachable       
  port-unreachable            
  fragmentation-needed        
  source-route-failed         
  network-unknown            
  host-unknown               
  network-prohibited          
  host-prohibited            
  TOS-network-unreachable    
  TOS-host-unreachable       
  communication-prohibited    
  host-precedence-violation     
  precedence-cutoff             
source-quench                   
redirect                        
  network-redirect              
  host-redirect                 
  TOS-network-redirect          
  TOS-host-redirect             
echo-request                 
router-advertisement            
router-solicitation             
time-exceeded                
  ttl-zero-during-transit     
  ttl-zero-during-reassembly  
parameter-problem             
  ip-header-bad               
  required-option-missing      
timestamp-request               
timestamp-reply                 
address-mask-request            
address-mask-reply              

kevin
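
A check for the over-broad rule discussed in this message, as an added example that is not part of the original post: it reads rules in `iptables -S` format and flags any that DROP or REJECT ICMP as a whole protocol, without `--icmp-type`. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message.
# lint_icmp_rules (hypothetical name) reads rules in `iptables -S` format on
# stdin, prints every rule that blocks ICMP as a whole protocol, and returns 1
# if it found any, 0 otherwise.
lint_icmp_rules() {
    found=0
    while IFS= read -r rule; do
        # Only IPv4 ICMP rules are of interest.
        case "$rule" in
            *"-p icmp "*) ;;
            *) continue ;;
        esac
        # A rule narrowed to one type (e.g. echo-request) is fine.
        case "$rule" in
            *"--icmp-type "*) continue ;;
        esac
        # An untyped DROP/REJECT also discards fragmentation-needed,
        # time-exceeded and the other types the host relies on.
        case "$rule" in
            *"-j DROP"*|*"-j REJECT"*)
                printf 'blanket ICMP block: %s\n' "$rule"
                found=1
                ;;
        esac
    done
    return "$found"
}

# Constructed sample ruleset: one blanket rule, one rule limited to
# echo-request (type 8), one unrelated TCP rule.
sample_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -i eth0 -p icmp -j DROP
-A INPUT -i eth0 -p icmp -m icmp --icmp-type 8 -j DROP
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
EOF
}

# On a live host: iptables -S INPUT | lint_icmp_rules
sample_rules | lint_icmp_rules || true
```

Saved rulesets list ICMP types by number, so the check keys on the presence of `--icmp-type` rather than on a type name.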


