Hello, luis a écrit :
hi there ani advise to drop icmp usign forward?example iptables -A FORWARD -s 10.30.0.0/24 -d $mylan(10.30.146.4/24) -p icmp -j DROPis that ok?
Well, it drops ICMP packets which hit the rule and match the source and destination address conditions. However it won't drop packets which don't hit the rule for any reason or don't match the address conditions.
well is not working here i tho
Aren't there any rules placed before that my accept the packets ?Don't forget that the classic "-m state RELATED,ESTABLISHED" condition which is often placed at the beginning of a chain matches any valid ICMP error packet (destination unreachable, time exceeded...).
also i would like to drop the port to avoid nmap scan from outside to my network
Huh ? What do you mean exactly by "drop the port" ?