Re: dropping internal network icmp using forward
luis wrote:
> hi there any advice to drop icmp using forward?
> example iptables -A FORWARD -s 10.30.0.0/24 -d $mylan(10.30.146.4/24) -p icmp -j DROP
> is that ok?

Well, it drops ICMP packets which hit the rule and match the source and
destination address conditions. However it won't drop packets which
don't hit the rule for any reason or don't match the address conditions.

> well is not working here i tho

Aren't there any rules placed before that may accept the packets?
Don't forget that the classic "-m state RELATED,ESTABLISHED" condition
which is often placed at the beginning of a chain matches any valid ICMP
error packet (destination unreachable, time exceeded...).

> also i would like to drop the port to avoid nmap scan from outside to my

Huh? What do you mean exactly by "drop the port"?
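
Added example, not part of the original message: a small first-match model of a FORWARD chain showing why the DROP rule from the question never sees an ICMP error packet when a RELATED,ESTABLISHED accept rule comes first. The rule list, the sample packets, the ACCEPT chain policy and the function names are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed FORWARD chain: the state rule the reply mentions, then the DROP rule
# from the question ($mylan written out as the 10.30.146.4/24 given there).
RULES = [
    "-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT",
    "-A FORWARD -s 10.30.0.0/24 -d 10.30.146.4/24 -p icmp -j DROP",
]

def parse_rule(line):
    """Parse the few match options used above; each option takes exactly one value."""
    tok = shlex.split(line)
    opts = dict(zip(tok[0::2], tok[1::2]))
    def net(key):
        return ipaddress.ip_network(opts[key], strict=False) if key in opts else None
    return {"src": net("-s"), "dst": net("-d"), "proto": opts.get("-p"),
            "states": set(opts["--state"].split(",")) if "--state" in opts else None,
            "target": opts["-j"]}

def matches(rule, pkt):
    """A rule matches only if every condition it specifies holds for the packet."""
    if rule["src"] is not None and ipaddress.ip_address(pkt["src"]) not in rule["src"]:
        return False
    if rule["dst"] is not None and ipaddress.ip_address(pkt["dst"]) not in rule["dst"]:
        return False
    if rule["proto"] is not None and rule["proto"] != pkt["proto"]:
        return False
    if rule["states"] is not None and pkt["state"] not in rule["states"]:
        return False
    return True

def verdict(rules, pkt, policy="ACCEPT"):
    """First matching rule decides; otherwise the chain policy (assumed ACCEPT)."""
    for number, line in enumerate(rules, start=1):
        rule = parse_rule(line)
        if matches(rule, pkt):
            return rule["target"], number
    return policy, 0

# Constructed packets; "state" is what connection tracking would assign.
PING = {"src": "10.30.0.5", "dst": "10.30.146.4", "proto": "icmp", "state": "NEW"}
ICMP_ERROR = dict(PING, state="RELATED")   # e.g. destination unreachable
OTHER_SRC = dict(PING, src="10.30.1.5")    # outside 10.30.0.0/24

if __name__ == "__main__":
    for name, pkt in [("ping", PING), ("icmp error", ICMP_ERROR), ("other source", OTHER_SRC)]:
        print(name, verdict(RULES, pkt), verdict(RULES[::-1], pkt))
```

Each output line gives the verdict and matching rule number for the chain as listed, then for the same chain with the DROP rule placed first; rule number 0 means the packet fell through to the chain policy.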