blocking icmp protocol

Email lists > General Red Hat Linux discussion list

Thread: blocking icmp protocol

Search this list only Search all lists
blocking icmp protocol
	2006-12-17 17:55:00
iptables -t filter -A INPUT -p icmp -i eth0 -j DROP On 12/17/06, tamer amr <tamer_linuxyahoo.com> wrote: > > hi > > i can't disable the icmp with iptables > i made the following command > > iptables -A INPUT -p icmp -s 192.168.1.125 -j DROP > > but still this ip can ping my host > > thank you > > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam protection around > http://mail.yahoo.com > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-requestredhat.com?subject=unsubscribe > h ttps://www.redhat.com/mailman/listinfo/redhat-list > -- :. Best Wishes :. Waleed Harbi --------------------------------------------- :. Never too old to learn :. Every why has a wherefore :. Grasp all, lose all -- redhat-list mailing list unsubscribe mailto:redhat-list-requestredhat.com?subject=unsubscribe h ttps://www.redhat.com/mailman/listinfo/redhat-list

blocking icmp protocol
	2006-12-17 18:25:03
filter is the default table so -t filter is not needed, also this will drop all icmp from everywhere, which may not be what he wants. If the host can still ping you it may well be the case that an earlier rule is allowing them to do so, remember iptables works on a first match basis. John On Sun, 17 Dec 2006, Waleed Harbi wrote: > iptables -t filter -A INPUT -p icmp -i eth0 -j DROP > > On 12/17/06, tamer amr <tamer_linuxyahoo.com> wrote: >> >> hi >> >> i can't disable the icmp with iptables >> i made the following command >> >> iptables -A INPUT -p icmp -s 192.168.1.125 -j DROP >> >> but still this ip can ping my host >> >> thank you >> >> __________________________________________________ >> Do You Yahoo!? >> Tired of spam? Yahoo! Mail has the best spam protection around >> http://mail.yahoo.com >> -- >> redhat-list mailing list >> unsubscribe mailto:redhat-list-requestredhat.com?subject=unsubscribe >> h ttps://www.redhat.com/mailman/listinfo/redhat-list >> > > > > -- > :. Best Wishes > :. Waleed Harbi > --------------------------------------------- > :. Never too old to learn > :. Every why has a wherefore > :. Grasp all, lose all > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-requestredhat.com?subject=unsubscribe > h ttps://www.redhat.com/mailman/listinfo/redhat-list > -- redhat-list mailing list unsubscribe mailto:redhat-list-requestredhat.com?subject=unsubscribe h ttps://www.redhat.com/mailman/listinfo/redhat-list

blocking icmp protocol
	2006-12-17 18:28:50
iptables -A INPUT -p icmp -j DROP On 12/17/06, John O'Loughlin <j.oloughlinqmul.ac.uk> wrote: > > > filter is the default table so -t filter is not needed, also this will > drop all icmp from everywhere, which may not be what he wants. > > If the host can still ping you it may well be the case that an earlier > rule is allowing them to do so, remember iptables works on a first match > basis. > > John > > On Sun, 17 Dec 2006, Waleed Harbi wrote: > > > iptables -t filter -A INPUT -p icmp -i eth0 -j DROP > > > > On 12/17/06, tamer amr <tamer_linuxyahoo.com> wrote: > >> > >> hi > >> > >> i can't disable the icmp with iptables > >> i made the following command > >> > >> iptables -A INPUT -p icmp -s 192.168.1.125 -j DROP > >> > >> but still this ip can ping my host > >> > >> thank you > >> > >> __________________________________________________ > >> Do You Yahoo!? > >> Tired of spam? Yahoo! Mail has the best spam protection around > >> http://mail.yahoo.com > >> -- > >> redhat-list mailing list > >> unsubscribe mailto:redhat-list-requestredhat.com?subject=unsubscribe > >> h ttps://www.redhat.com/mailman/listinfo/redhat-list > >> > > > > > > > > -- > > :. Best Wishes > > :. Waleed Harbi > > --------------------------------------------- > > :. Never too old to learn > > :. Every why has a wherefore > > :. Grasp all, lose all > > -- > > redhat-list mailing list > > unsubscribe mailto:redhat-list-requestredhat.com?subject=unsubscribe > > h ttps://www.redhat.com/mailman/listinfo/redhat-list > > > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-requestredhat.com?subject=unsubscribe > h ttps://www.redhat.com/mailman/listinfo/redhat-list > -- :. Best Wishes :. Waleed Harbi --------------------------------------------- :. Never too old to learn :. Every why has a wherefore :. Grasp all, lose all -- redhat-list mailing list unsubscribe mailto:redhat-list-requestredhat.com?subject=unsubscribe h ttps://www.redhat.com/mailman/listinfo/redhat-list

blocking icmp protocol
	2006-12-17 18:33:00
also you can use: /bin/echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all On 12/17/06, Waleed Harbi <waleed.harbigmail.com> wrote: > > iptables -A INPUT -p icmp -j DROP > > > > On 12/17/06, John O'Loughlin <j.oloughlinqmul.ac.uk> wrote: > > > > > > filter is the default table so -t filter is not needed, also this will > > drop all icmp from everywhere, which may not be what he wants. > > > > If the host can still ping you it may well be the case that an earlier > > rule is allowing them to do so, remember iptables works on a first match > > basis. > > > > John > > > > On Sun, 17 Dec 2006, Waleed Harbi wrote: > > > > > iptables -t filter -A INPUT -p icmp -i eth0 -j DROP > > > > > > On 12/17/06, tamer amr <tamer_linuxyahoo.com> wrote: > > >> > > >> hi > > >> > > >> i can't disable the icmp with iptables > > >> i made the following command > > >> > > >> iptables -A INPUT -p icmp -s 192.168.1.125 -j DROP > > >> > > >> but still this ip can ping my host > > >> > > >> thank you > > >> > > >> __________________________________________________ > > >> Do You Yahoo!? > > >> Tired of spam? Yahoo! Mail has the best spam protection around > > >> http://mail.yahoo.com > > >> -- > > >> redhat-list mailing list > > >> unsubscribe mailto:redhat-list-requestredhat.com?subject=unsubscribe > > >> h ttps://www.redhat.com/mailman/listinfo/redhat-list > > >> > > > > > > > > > > > > -- > > > :. Best Wishes > > > :. Waleed Harbi > > > --------------------------------------------- > > > :. Never too old to learn > > > :. Every why has a wherefore > > > :. Grasp all, lose all > > > -- > > > redhat-list mailing list > > > unsubscribe mailto:redhat-list-requestredhat.com?subject=unsubscribe > > > h ttps://www.redhat.com/mailman/listinfo/redhat-list > > > > > > > -- > > redhat-list mailing list > > unsubscribe mailto:redhat-list-requestredhat.com?subject=unsubscribe > > h ttps://www.redhat.com/mailman/listinfo/redhat-list > > > > > > -- > :. Best Wishes > :. Waleed Harbi > --------------------------------------------- > :. Never too old to learn > :. Every why has a wherefore > :. Grasp all, lose all > -- :. Best Wishes :. Waleed Harbi --------------------------------------------- :. Never too old to learn :. Every why has a wherefore :. Grasp all, lose all -- redhat-list mailing list unsubscribe mailto:redhat-list-requestredhat.com?subject=unsubscribe h ttps://www.redhat.com/mailman/listinfo/redhat-list

blocking icmp protocol
	2006-12-18 19:10:56
John O'Loughlin wrote: > > filter is the default table so -t filter is not needed, also this will > drop all icmp from everywhere, which may not be what he wants. > > If the host can still ping you it may well be the case that an earlier > rule is allowing them to do so, remember iptables works on a first > match basis. > > John Well although it pleases my heart to see a professional answer I must say that you discarded the first obvious reason: he's not pinging from the 192.168.1.125's subnet... > > On Sun, 17 Dec 2006, Waleed Harbi wrote: > >> iptables -t filter -A INPUT -p icmp -i eth0 -j DROP >> >> On 12/17/06, tamer amr <tamer_linuxyahoo.com> wrote: >>> >>> hi >>> >>> i can't disable the icmp with iptables >>> i made the following command >>> >>> iptables -A INPUT -p icmp -s 192.168.1.125 -j DROP >>> >>> but still this ip can ping my host >>> >>> thank you >>> >>> __________________________________________________ >>> Do You Yahoo!? >>> Tired of spam? Yahoo! Mail has the best spam protection around >>> http://mail.yahoo.com >>> -- >>> redhat-list mailing list >>> unsubscribe mailto:redhat-list-requestredhat.com?subject=unsubscribe >>> h ttps://www.redhat.com/mailman/listinfo/redhat-list >>> >> >> >> >> -- >> :. Best Wishes >> :. Waleed Harbi >> --------------------------------------------- >> :. Never too old to learn >> :. Every why has a wherefore >> :. Grasp all, lose all >> -- >> redhat-list mailing list >> unsubscribe mailto:redhat-list-requestredhat.com?subject=unsubscribe >> h ttps://www.redhat.com/mailman/listinfo/redhat-list >> > -- redhat-list mailing list unsubscribe mailto:redhat-list-requestredhat.com?subject=unsubscribe h ttps://www.redhat.com/mailman/listinfo/redhat-list

blocking icmp protocol
	2006-12-19 05:33:51
Lord, What is the answer? Could you please help him? I think you are the professional !!! On 12/18/06, Lord of Gore <lordofgorelogsoftgrup.ro> wrote: > > John O'Loughlin wrote: > > > > filter is the default table so -t filter is not needed, also this will > > drop all icmp from everywhere, which may not be what he wants. > > > > If the host can still ping you it may well be the case that an earlier > > rule is allowing them to do so, remember iptables works on a first > > match basis. > > > > John > Well although it pleases my heart to see a professional answer I must > say that you discarded the first obvious reason: he's not pinging from > the 192.168.1.125's subnet... > > > > On Sun, 17 Dec 2006, Waleed Harbi wrote: > > > >> iptables -t filter -A INPUT -p icmp -i eth0 -j DROP > >> > >> On 12/17/06, tamer amr <tamer_linuxyahoo.com> wrote: > >>> > >>> hi > >>> > >>> i can't disable the icmp with iptables > >>> i made the following command > >>> > >>> iptables -A INPUT -p icmp -s 192.168.1.125 -j DROP > >>> > >>> but still this ip can ping my host > >>> > >>> thank you > >>> > >>> __________________________________________________ > >>> Do You Yahoo!? > >>> Tired of spam? Yahoo! Mail has the best spam protection around > >>> http://mail.yahoo.com > >>> -- > >>> redhat-list mailing list > >>> unsubscribe mailto:redhat-list-requestredhat.com?subject=unsubscribe > >>> h ttps://www.redhat.com/mailman/listinfo/redhat-list > >>> > >> > >> > >> > >> -- > >> :. Best Wishes > >> :. Waleed Harbi > >> --------------------------------------------- > >> :. Never too old to learn > >> :. Every why has a wherefore > >> :. Grasp all, lose all > >> -- > >> redhat-list mailing list > >> unsubscribe mailto:redhat-list-requestredhat.com?subject=unsubscribe > >> h ttps://www.redhat.com/mailman/listinfo/redhat-list > >> > > > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-requestredhat.com?subject=unsubscribe > h ttps://www.redhat.com/mailman/listinfo/redhat-list > -- :. Best Wishes :. Waleed Harbi --------------------------------------------- :. Never too old to learn :. Every why has a wherefore :. Grasp all, lose all -- redhat-list mailing list unsubscribe mailto:redhat-list-requestredhat.com?subject=unsubscribe h ttps://www.redhat.com/mailman/listinfo/redhat-list

blocking icmp protocol
	2006-12-19 09:09:42
If, as suggested by another poster, there is an earlier rule permitting icmp access, try "inserting" the rule instead of "appending it. So instead of: iptables -A INPUT -p icmp ... say: iptables -I INPUT -p icmp ... Because the first rule to match applies, your blocking rule needs to appear before something that lets icmp through. -- Cameron Simpson <cszip.com.au> DoD#743 http://www.cskk.e zoshosting.com/cs/ Always code as if the guy who ends up maintaining your code will be a violent psychopath who knows where you live. - Martin Golding, DoD #0236, martinplaza.ds.adp.com -- redhat-list mailing list unsubscribe mailto:redhat-list-requestredhat.com?subject=unsubscribe h ttps://www.redhat.com/mailman/listinfo/redhat-list

[1-7]

about | contact Other archives ( Real Estate discussion Medical topics )