Am Thursday, den 28 June hub Ross Cameron folgendes in die
Tasten:
[filter icmp timestamp-*]
> How do you create sub-chains?
> I've heard the term before but never found an example
that uses it.
This is a simple task:
iptables -N yourChainName
For your problem:
iptables -N icmp_timestamp
iptables -A icmp_timestamp -p icmp --icmp-type
timestamp-request -j REJECT --reject-with
icmp-admin-prohibited
iptables -A icmp_timestamp -p icmp --icmp-type
timestamp-reply -j REJECT --reject-with
icmp-admin-prohibited
iptables -A INPUT -i eth0 -p icmp -j icmp_timestamp
iptables -A OUTPUT -o eth0 -p icmp -j icmp_timestamp
(The interesting question here might be if it is wise to put
these two
simple rules in a subchain when thinking about rule
processing
speed.)
HTH
Ciao
Max
--
Follow the white penguin.
|
