Re: Ping

To: debian-firewall@lists.debian.org
Subject: Re: Ping
From: Stelios Bounanos <sb@dial.pipex.com>
Date: Mon, 25 Feb 2002 16:44:58 +0000
Message-id: <[🔎] 874rk5jyt1.wl@shyrka>
In-reply-to: <[🔎] 1014650278.625.85.camel@zarniwoop>
References: <[🔎] 000c01c1be0e$bc632bc0$8c2798d5@laptop> <[🔎] 1014650278.625.85.camel@zarniwoop>

 >>>>> On 25 Feb 2002 16:17:58 +0100, Bart-Jan Vrielink
 >>>>> <bartjan@vrielink.net> was runoured to have said:

 > On Mon, 2002-02-25 at 16:10, Charlie Grosvenor wrote:
 >> Is it possible to block people from pinging me but still allow me
 > to ping them? At the moment i have used the following command:
 >> 
 >> iptables -A INPUT -i ppp0 -p icmp  -j DROP

 > add the following line before that line:
 > iptables -A INPUT -i ppp0 -p icmp --icmp-type echo-reply -j ACCEPT

This will also block useful icmp traffic. For example, I can't guess how
dynamic path mtu discovery is going to work without icmp :) It's probably
better to drop echo-requests (and maybe source-routes etc.) and accept
everything else icmp.

 > -- 
 > Tot ziens,

 > Bart-Jan

Rgds,
/-sb.

-- 

Stelios Bounanos <sb@dial.pipex.com>          /*\
  ..............7500000 years later:          \ /  ASCII Ribbon Campaign
  The Ultimate Answer is 42.                   X   No HTML in mail or news!
  (next mail will give the Question)          / \

Reply to:

Follow-Ups:
- Re: Ping
  - From: Adam Lydick <awlydick@bulldog.unca.edu>

References:
- Ping
  - From: "Charlie Grosvenor" <charlie@thegrosvenors.fsnet.co.uk>
- Re: Ping
  - From: Bart-Jan Vrielink <bartjan@vrielink.net>

Prev by Date: Blocking Reserved IP's
Next by Date: Re: Ping
Previous by thread: Re: Ping
Next by thread: Re: Ping
Index(es):
- Date
- Thread