Curious about iptables and ping behavior
I'm a little puzzled by the following behavior...
I've got the following iptables rules in effect:
2 168 DROP all -- * * 216.151.93.0/24 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 216.52.220.0/24
from issuing the following commands:
iptables -I INPUT x -s 216.151.93.0/24 -j DROP
iptables -I INPUT x -d 216.151.93.0/24 -j DROP
I do allow type 0, 3 and 11 ICMP messages through, but those rules
follow the ones I show above, so anything from the above address range
shouldn't even get to that point.
As I understand it, those rules should block anything coming or going
to/from the specified IP address range. However, when I pinged a site
that should have been black-holed by the above rules, I saw activity on
my DSL modem's TX and RX lights and tcpdump showed the following
traffic:
22:13:56.591591 myhost > 216.151.93.223: icmp: echo request (DF)
22:13:56.654301 216.151.93.223 > myhost: icmp: echo reply
22:13:57.589221 myhost > 216.151.93.223: icmp: echo request (DF)
22:13:57.651388 216.151.93.223 > myhost: icmp: echo reply
While ping (at the command line) appeared to not return anything, my DSL
modem lights and tcpdump showed a different story. This looks pretty
strange to me.
Anyone willing to shed some light on this behavior?
Nick
--------------------------------------------------------------------------
Nick Busigin ...Sent from my Debian/GNU Linux Machine... nick@xwing.org
To obtain my pgp public key, email me with the subject: "get pgp-key"
--------------------------------------------------------------------------
--
To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
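Added example, not part of Nick's post or of any reply on the list: a small Python model of the filter table's INPUT and OUTPUT chains, with the two rules from the post, to show why the exchange above happens. Only locally generated packets traverse OUTPUT and only packets addressed to the host traverse INPUT, so a `-d` rule placed in INPUT never sees the outgoing echo request; the reply does reach the wire (tcpdump taps ingress before netfilter) and is then dropped in INPUT by the `-s` rule, which is why ping prints nothing while the modem lights and tcpdump show traffic. The 84-byte packet size is the IP-layer length of a default Linux ping (20 IP + 8 ICMP + 56 data), which is consistent with the "2 168" counters on the first rule. The host address 192.0.2.10 is constructed for the example, and the CIDR for the second rule is taken from the `iptables` command shown in the post, not from the listing.

```python
"""Toy netfilter walk for the ping question: added example, not code from
the original post. It models only what the question needs (chain choice
by packet direction, -s/-d matching, per-rule counters)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Rule:
    chain: str                  # "INPUT" or "OUTPUT"
    target: str                 # "DROP" or "ACCEPT"
    src: Optional[str] = None   # -s CIDR; None means 0.0.0.0/0
    dst: Optional[str] = None   # -d CIDR; None means 0.0.0.0/0
    n_packets: int = 0          # the pkts column of iptables -L -v
    n_bytes: int = 0            # the bytes column of iptables -L -v


@dataclass
class Packet:
    src: str
    dst: str
    length: int
    direction: str  # "in": arrived from the wire; "out": generated locally


def _matches(rule: Rule, pkt: Packet) -> bool:
    if rule.src and ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule.src):
        return False
    if rule.dst and ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(rule.dst):
        return False
    return True


def filter_packet(rules: List[Rule], pkt: Packet, policy: str = "ACCEPT") -> str:
    """Return the verdict for pkt and bump the counters of the matching rule.

    Locally generated packets traverse only OUTPUT; packets addressed to
    this host traverse only INPUT. A rule in the other chain is never
    consulted, whatever its -s/-d says.
    """
    chain = "OUTPUT" if pkt.direction == "out" else "INPUT"
    for r in rules:
        if r.chain == chain and _matches(r, pkt):
            r.n_packets += 1
            r.n_bytes += pkt.length
            return r.target
    return policy


def ping_exchange(rules: List[Rule], myhost: str, target: str,
                  count: int = 2, length: int = 84) -> Tuple[int, int]:
    """Simulate `ping -c count target`.

    Returns (requests that reached the wire, replies delivered to ping).
    tcpdump sees a request only if OUTPUT accepted it, and sees every
    reply that arrives, because capture happens before INPUT runs.
    """
    sent = delivered = 0
    for _ in range(count):
        if filter_packet(rules, Packet(myhost, target, length, "out")) != "ACCEPT":
            continue                      # dropped before the wire: no TX blink
        sent += 1                         # request on the wire, tcpdump shows it
        reply = Packet(target, myhost, length, "in")   # tcpdump shows this too
        if filter_packet(rules, reply) == "ACCEPT":
            delivered += 1                # only now would ping print a line
    return sent, delivered


def rules_as_posted() -> List[Rule]:
    """The two rules from the post: both in INPUT, one -s and one -d."""
    return [Rule("INPUT", "DROP", src="216.151.93.0/24"),
            Rule("INPUT", "DROP", dst="216.151.93.0/24")]


def rules_corrected() -> List[Rule]:
    """Same intent, with the -d rule in the chain outgoing packets traverse."""
    return [Rule("INPUT", "DROP", src="216.151.93.0/24"),
            Rule("OUTPUT", "DROP", dst="216.151.93.0/24")]


if __name__ == "__main__":
    for name, rules in (("as posted", rules_as_posted()),
                        ("with -d in OUTPUT", rules_corrected())):
        sent, delivered = ping_exchange(rules, "192.0.2.10", "216.151.93.223")
        print(f"{name}: {sent} requests on the wire, {delivered} replies to ping")
        for r in rules:
            print(f"  {r.n_packets:>3} {r.n_bytes:>5} {r.target} {r.chain} "
                  f"-s {r.src or '0.0.0.0/0'} -d {r.dst or '0.0.0.0/0'}")
```

With the rules as posted the model reports two requests on the wire and no replies delivered, and the first rule's counters read 2 packets / 168 bytes, matching the listing in the post. Moving the `-d` rule to OUTPUT (`iptables -I OUTPUT x -d 216.151.93.0/24 -j DROP`) stops the request before it leaves, so nothing blinks and tcpdump stays quiet.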