Ping and firewall
Edward Dekkers
edward at tripled.iinet.net.au
Tue Aug 2 08:43:08 UTC 2005
I have a rule in my firewall's INPUT chain to drop incoming ICMP.
The net result of this is that when I'm testing, and I ping outwards,
the echoes don't come back.
The rule looks like this:
echo " Dropping ICMP from outside"
$IPTABLES -A INPUT -i $EXTIF -p icmp -j DROP
$IPTABLES -A FORWARD -j LOG
On the forward chain I have this:
echo " FWD: Allow all connections OUT and only existing and related ones IN"
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
Can something similar be done for ICMP? i.e. allow echo ICMP packets
back in only if I've pinged somebody?
Regards,
Ed.
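
Added example (not part of the original post or of any reply to it): one way to get the behaviour asked about is to mirror the FORWARD state rule on INPUT, placed before the ICMP DROP. The eth0 default, the dry-run IPTABLES default and the verdict helper (a toy first-match model, not netfilter) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Dry run by default: rules are printed, not applied. To apply them, run as
# root with IPTABLES=/sbin/iptables (path is an assumption).
IPTABLES="${IPTABLES:-echo iptables}"
EXTIF="${EXTIF:-eth0}"   # assumed name of the external interface

input_icmp_rules() {
    # 1. conntrack records an outgoing echo-request, so the echo-reply that
    #    answers it is ESTABLISHED; ICMP errors about tracked traffic
    #    (destination-unreachable, time-exceeded) are RELATED.
    $IPTABLES -A INPUT -i "$EXTIF" -p icmp -m state --state ESTABLISHED,RELATED -j ACCEPT
    # 2. The rule from the post. Anything reaching it is unsolicited ICMP,
    #    such as an echo-request from outside (state NEW).
    $IPTABLES -A INPUT -i "$EXTIF" -p icmp -j DROP
}

# Toy first-match model of the two rules above (not netfilter itself).
# $1 is the conntrack state of an incoming ICMP packet on EXTIF.
verdict() {
    ( IPTABLES="echo iptables"; input_icmp_rules ) | while read -r rule; do
        case "$rule" in
            *"--state "*)
                states=${rule#*--state }
                states=${states%% *}
                case ",$states," in
                    *",$1,"*) ;;        # state listed: rule matches
                    *) continue ;;      # not listed: try the next rule
                esac ;;
        esac
        echo "${rule##*-j }"            # first matching rule decides
        break
    done
}

input_icmp_rules
echo "echo-reply to our own ping (ESTABLISHED): $(verdict ESTABLISHED)"
echo "echo-request from outside (NEW):          $(verdict NEW)"
```

Because -A appends to the chain, the ACCEPT line has to run before the existing DROP line. Pings forwarded for hosts behind $INTIF are already covered by the FORWARD ESTABLISHED,RELATED rule in the post, which has no -p restriction.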