Curious about iptables and ping behavior

I'm a little puzzled by the following behavior...

I've got the following iptables rules in effect:

    2   168 DROP        all  --  *      *          
    0     0 DROP        all  --  *      *    

from issuing the following commands:

iptables -I INPUT x -s -j DROP
iptables -I INPUT x -d -j DROP

I do allow type 0, 3 and 11 ICMP messages through, but those rules
follow the ones I show above, so anything from the above address range
shouldn't even get to that point.

As I understand it, those rules should block anything coming or going
to/from the specified IP address range.  However, when I ping'd a site
that should have been black-holed by the above rules, I saw activity on
my DSL modem's TX and RX lights and tcpdump showed the following

22:13:56.591591 myhost > icmp: echo request (DF)
22:13:56.654301 > myhost: icmp: echo reply
22:13:57.589221 myhost > icmp: echo request (DF)
22:13:57.651388 > myhost: icmp: echo reply

While ping (at the command line) appeared to not return anything, my DSL
modem lights and tcpdump showed a different story.  This looks pretty
strange to me. 

Anyone willing to shed some light on this behavior?


Nick Busigin  ...Sent from my Debian/GNU Linux Machine...   nick@xwing.org

To obtain my pgp public key, email me with the subject: "get pgp-key"
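What the post is seeing comes down to which netfilter chain a packet traverses: a ping generated on the host itself leaves through OUTPUT, never INPUT, so an INPUT rule with `-d <range>` cannot stop it from reaching the wire (hence the modem lights and the echo requests in the tcpdump capture), while the echo reply that comes back does traverse INPUT and is dropped there, which is why ping itself prints nothing. The following is an added illustration written for this post, not code from the original message or from iptables: a small Python model of first-match chain traversal with constructed RFC 5737 documentation addresses standing in for the redacted range. It runs the post's two-rule INPUT set beside a variant that puts the `-d` rule in OUTPUT instead.

```python
"""Simplified model of the iptables filter-table paths a locally generated
ping takes.  Written as an added example for this post; the host, the
blocked range and the rule names are constructed, not taken from the post."""

from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import List, Optional, Tuple

# Constructed sample addresses (RFC 5737 documentation ranges).
MYHOST = ip_address("192.0.2.10")
BLOCKED_NET = ip_network("198.51.100.0/24")
REMOTE = ip_address("198.51.100.7")  # a host inside the blocked range


@dataclass(frozen=True)
class Packet:
    src: IPv4Address
    dst: IPv4Address
    icmp_type: int  # 8 = echo request, 0 = echo reply


@dataclass(frozen=True)
class Rule:
    chain: str                          # "INPUT" or "OUTPUT"
    target: str                         # "DROP" or "ACCEPT"
    src: Optional[IPv4Network] = None   # models -s
    dst: Optional[IPv4Network] = None   # models -d

    def matches(self, pkt: Packet) -> bool:
        if self.src is not None and pkt.src not in self.src:
            return False
        if self.dst is not None and pkt.dst not in self.dst:
            return False
        return True


def traverse(chain: str, pkt: Packet, rules: List[Rule], policy: str = "ACCEPT") -> str:
    """Walk one chain in order; the first matching rule decides, as in iptables."""
    for rule in rules:
        if rule.chain == chain and rule.matches(pkt):
            return rule.target
    return policy


def ping_exchange(rules: List[Rule]) -> Tuple[str, Optional[str]]:
    """Return (request_verdict, reply_verdict) for one ping from MYHOST to REMOTE.

    A locally generated echo request traverses only OUTPUT; the echo reply
    that comes back traverses only INPUT.  INPUT never sees the outbound
    request, so a -d rule placed there cannot keep it off the wire."""
    request = Packet(src=MYHOST, dst=REMOTE, icmp_type=8)
    reply = Packet(src=REMOTE, dst=MYHOST, icmp_type=0)
    request_verdict = traverse("OUTPUT", request, rules)
    # No reply can arrive if the request never left the host.
    if request_verdict != "ACCEPT":
        return request_verdict, None
    reply_verdict = traverse("INPUT", reply, rules)
    return request_verdict, reply_verdict


# The rule set from the post: both DROPs live in INPUT.
INPUT_ONLY_RULES = [
    Rule(chain="INPUT", target="DROP", src=BLOCKED_NET),   # -I INPUT -s <range> -j DROP
    Rule(chain="INPUT", target="DROP", dst=BLOCKED_NET),   # -I INPUT -d <range> -j DROP
]

# Variant that also covers outbound traffic: the -d rule goes in OUTPUT.
INPUT_AND_OUTPUT_RULES = [
    Rule(chain="INPUT", target="DROP", src=BLOCKED_NET),   # -I INPUT  -s <range> -j DROP
    Rule(chain="OUTPUT", target="DROP", dst=BLOCKED_NET),  # -I OUTPUT -d <range> -j DROP
]

if __name__ == "__main__":
    # Post's rules: request leaves (ACCEPT on OUTPUT), reply dropped on INPUT.
    print("INPUT only:      ", ping_exchange(INPUT_ONLY_RULES))
    # With the OUTPUT rule the request is dropped before it reaches the wire.
    print("INPUT and OUTPUT:", ping_exchange(INPUT_AND_OUTPUT_RULES))
```

With the post's rule set the model returns `("ACCEPT", "DROP")`: the request is sent and only the reply is discarded, matching the silent ping and the two-way traffic in the capture. With the `-d` rule moved to OUTPUT it returns `("DROP", None)`, and nothing would appear on the wire at all.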