Re: Re: ipchains / help

To: debian-firewall@lists.debian.org
Subject: Re: Re: ipchains / help
From: Jens Schuessler <jgs@trash.net>
Date: Tue, 4 Jun 2002 13:38:14 +0200
Message-id: <[🔎] 20020604133814.A365413@sge.ath.cx>
Mail-followup-to: debian-firewall@lists.debian.org
In-reply-to: <[🔎] 010301c20b89$487afd00$6b48becb@noc2>; from louie@noc.chikka.com on Tue, Jun 04, 2002 at 01:32:57PM +0800
References: <[🔎] 1023166899285.11604901@luukku.com> <[🔎] 010301c20b89$487afd00$6b48becb@noc2>

* louie miranda <louie@noc.chikka.com> [04-06-02 07:32]:
> Chain input (policy ACCEPT):
> target     prot opt     source                destination           ports

First of all you should set the policy to DENY or REJECT and then
permit only the protocols that you need. Then read something about
the different ICMP types. 
For example:
To ping a host on the outside you have to accept outgoing ICMP packets type 8:

ipchains -A output -i $external interface -p icmp --icmp-type  8 -j ACCEPT

To receive an answer to your echo request permit type 0 "echo reply":

ipchains -A input  -i $external interface -p icmp --icmp-type  0 -j ACCEPT

Jens


-- 
To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: Re: ipchains / help
  - From: "louie miranda" <louie@noc.chikka.com>

References:
- Re: ipchains / help
  - From: Irvine Russell <pd3@luukku.com>
- Re: ipchains / help
  - From: "louie miranda" <louie@noc.chikka.com>

Prev by Date: Re: ipchains / help
Next by Date: [interfaces + route] My new firewall doesn't forward packages
Previous by thread: Re: ipchains / help
Next by thread: Re: Re: ipchains / help
Index(es):
- Date
- Thread