Re: Off Topic: iptables, ping, traceroute
> ...and they routinely want to ping and traceroute to
> my machine. This requires me to take down my
> firewall and wait for them to finish, then put it back
> up. I'd like to make, as part of my rule set, ping and
> traceroute able to get through. So far I've done this
> for my input chain for ping
> These appear to work, however, am I overlooking
> something from a security point of view by allowing
> any icmp and ip's through? Is there a better way?
Depending on who you talk to there and how reasonable they
are, tell them you use a firewall and don't want to leave your
machine "vulnerable" like this. It's possible that they will
use the same machine or machines when they want to ping or
traceroute to you. If so, you can allow just those machines.
By the way, why do they need to traceroute to you ?? *They*
set up the routing and should know how and where packets are
going. If they're interested in hops between you and them,
they can ping them directly.