Off Topic: iptables, ping, traceroute
I've set up a fairly restrictive set of rules for iptables and have been,
up to this point, extremely satisfied with its performance. However,
I've recently started having some significant issues with my cable modem
provider and they routinely want to ping and traceroute to my machine.
This requires me to take down my firewall and wait for them to finish,
then put it back up. I'd like to make, as part of my rule set, ping and
traceroute able to get through. So far I've done this for my input chain
for ping:
-A INPUT -p icmp -j ACCEPT
For traceroute I've done this:
-A INPUT -p ip -j ACCEPT
These appear to work, however, am I overlooking something from a
security point of view by allowing any icmp and ip's through? Is there a
better way?
Thanks,
Wm
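Added example, not part of the original message: a small shell check that shows how broadly each of the two rules above matches, followed by a narrower fragment in the same iptables-save style. `-p ip` resolves to protocol 0, which iptables treats as every protocol, so that rule accepts all inbound traffic. The UDP port range, the rate limit and the availability of the state match are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.

# classify_rule RULE: print all-protocols, all-icmp or scoped for one rule.
classify_rule() {
    case "$1" in
        *"-j ACCEPT"*) ;;
        *) echo scoped; return ;;          # only ACCEPT rules open anything
    esac
    # Protocol named after -p; empty when the rule has no -p at all.
    proto=$(printf '%s\n' "$1" | sed -n 's/.* -p  *\([^ ]*\).*/\1/p')
    case "$proto" in
        ""|ip|all|0)
            # "ip" is protocol 0 in /etc/protocols and iptables reads 0 as
            # "all"; other matches (-i, -s) may still narrow such a rule.
            echo all-protocols ;;
        icmp)
            case "$1" in
                *--icmp-type*|*--state*) echo scoped ;;
                *) echo all-icmp ;;         # every ICMP type, not only echo
            esac ;;
        *) echo scoped ;;
    esac
}

# Narrower replacement rules (assumed values: port range, rate limit).
tightened_rules() {
    cat <<'EOF'
# ping and ICMP-based traceroute: echo requests only, rate limited
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/second -j ACCEPT
# ICMP errors tied to connections this host started (needs the state match)
-A INPUT -p icmp -m state --state RELATED -j ACCEPT
# UDP traceroute probes: reply port-unreachable so the final hop is reported
-A INPUT -p udp --dport 33434:33534 -j REJECT --reject-with icmp-port-unreachable
EOF
}

# Constructed input: the two rules from the post, then the narrower ones.
{
    printf '%s\n' '-A INPUT -p icmp -j ACCEPT' '-A INPUT -p ip -j ACCEPT'
    tightened_rules
} | while IFS= read -r rule; do
    case "$rule" in "#"*) continue ;; esac
    printf '%-14s %s\n' "$(classify_rule "$rule")" "$rule"
done
```

The fragment is in iptables-restore format; the echo replies and port-unreachable answers it produces also have to be allowed out by the OUTPUT chain.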