[lug] (no subject)
Kevin Fenzi
kevin at scrye.com
Fri Mar 29 09:44:11 MST 2002
>>>>> "Rob" == Rob Nagler <nagler at bivio.biz> writes:
>> Using iptables, how do I REJECT pings and traceroutes to the box
>> itself?
Rob> iptables -A INPUT -i eth0 -p icmp -j DROP
Be careful here... ICMP is an entire protocol.
If you just want to drop pings (ICMP ECHO), you can do:
iptables -A INPUT -i eth0 -p icmp --icmp-type echo-reply -j DROP
or
iptables -A INPUT -i eth0 -p icmp --icmp-type echo-request -j DROP
There are lots of different ICMP types, many of which are needed for
the correct functioning of your machine on the net. In particular
fragmentation-needed, redirects and ttls. A partial list:
echo-reply
destination-unreachable
network-unreachable
host-unreachable
protocol-unreachable
port-unreachable
fragmentation-needed
source-route-failed
network-unknown
host-unknown
network-prohibited
host-prohibited
TOS-network-unreachable
TOS-host-unreachable
communication-prohibited
host-precedence-violation
precedence-cutoff
source-quench
redirect
network-redirect
host-redirect
TOS-network-redirect
TOS-host-redirect
echo-request
router-advertisement
router-solicitation
time-exceeded
ttl-zero-during-transit
ttl-zero-during-reassembly
parameter-problem
ip-header-bad
required-option-missing
timestamp-request
timestamp-reply
address-mask-request
address-mask-reply
kevin
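
The per-type filtering described in the message above, as an added example that is not part of the original post: it builds the INPUT rules in order (needed ICMP types accepted first, then echo-request dropped) and includes a check that flags a rule matching all of ICMP. The interface eth0, the variables ICMP_ALLOW, ICMP_DENY, IFACE and APPLY, and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original message.
# Assumption: the allow list holds the types the message names as needed.
# "redirect" is there for that reason only; remove it from ICMP_ALLOW if
# your hosts should ignore ICMP redirects.
ICMP_ALLOW="fragmentation-needed time-exceeded redirect"
ICMP_DENY="echo-request"

# Print the rules one per line, in the order they must be appended.
# ACCEPTs go first so they still win if a broader DROP rule or a DROP
# policy is added to the chain later (iptables stops at the first match).
icmp_rules() {
    iface="${1:-eth0}"
    for t in $ICMP_ALLOW; do
        echo "iptables -A INPUT -i $iface -p icmp --icmp-type $t -j ACCEPT"
    done
    for t in $ICMP_DENY; do
        echo "iptables -A INPUT -i $iface -p icmp --icmp-type $t -j DROP"
    done
}

# Read rules on stdin; return 0 if any of them drops or rejects ICMP
# without naming a type, which is the case the message warns about.
has_blanket_icmp_drop() {
    grep -E -- '-p icmp' | grep -v -- '--icmp-type' \
        | grep -Eq -- '-j (DROP|REJECT)'
}

# Dry run by default: print the rules. APPLY=1 (as root) executes them.
if [ "${APPLY:-0}" = 1 ]; then
    icmp_rules "${IFACE:-eth0}" | sh
else
    icmp_rules "${IFACE:-eth0}"
fi
```

To audit a saved rule set instead, pipe its lines into has_blanket_icmp_drop and test the exit status.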