Off Topic: iptables, ping, traceroute

To: debian-user@lists.debian.org
Subject: Off Topic: iptables, ping, traceroute
From: William Jensen <jensenb@bodach.org>
Date: Mon, 16 Jul 2001 14:30:29 -0500
Message-id: <[🔎] 20010716143029.B4303@bodach.org>
Reply-to: jensenb@bodach.org

I've setup a fairly restrictive set of rules for iptables and have been,
up to this point, extremely satisfied with its performance.  However,
I've recently started having some signifiant issues with my cable modem
provider and they routinely want to ping and traceroute to my machine.
This requires me to take down my firewall and wait for them to finish,
then put it back up.  I'd like to make, as part of my rule set, ping and
traceroute able to get through.  So far I've done this for my input chain
for ping

    -A INPUT -p icmp -j ACCEPT

    For traceroute I've done this:

    -A INPUT -p ip -j ACCEPT

These appear to work, however, am I overlooking something from a
security
point of view by allowing any icmp and ip's through?  Is there a
better
way?

Thanks,

Wm

Reply to:

Follow-Ups:
- Re: Off Topic: iptables, ping, traceroute
  - From: "Hall Stevenson" <hallstevenson@mindspring.com>
- Re: Off Topic: iptables, ping, traceroute
  - From: Matthias Richter <matthias@vielfalt.de>
- Re: Off Topic: iptables, ping, traceroute
  - From: Sebastiaan <S.Breedveld@ITS.TUDelft.NL>
- Re: Off Topic: iptables, ping, traceroute
  - From: John Patton <patton66@home.com>
- Re: Off Topic: iptables, ping, traceroute
  - From: Joey Hess <joey@kitenet.net>
- Re: Off Topic: iptables, ping, traceroute
  - From: john <johnpf@atnet.net.au>

Prev by Date: newbie: passing parameters to a module
Next by Date: RE:But ....
Previous by thread: Re: newbie: passing parameters to a module
Next by thread: Re: Off Topic: iptables, ping, traceroute
Index(es):
- Date
- Thread