
Re: Off Topic: iptables, ping, traceroute



In article <20010716162033.A24224@debian>,
John Patton  <patton66@home.com> wrote:
>You could further limit your rules by specifying the source
>address of your cable modem provider, something like:
>
>     -A INPUT -p icmp -s provider.cable.net -j ACCEPT
>
>Just figure out from your logs what ip address(es) they use
>for their pings, and then they will be able to ping you as
>they please, but nobody else will be able to.

Just as long as you are not blocking ICMP_DEST_UNREACH (code 3)
since esp. ICMP_FRAG_NEEDED (subcode 4) is essential for the
functioning of the internet at large and there are enough
idiots already who block all ICMP at their routers/firewalls.

See http://www.worldgate.com/~marcs/mtu/

Mike.
-- 
"dselect has a user interface which scares small children"
	-- Theodore Tso, on debian-devel
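
Added example, not part of the original message: a small checker that walks an iptables-save style INPUT chain and reports what happens to an incoming ICMP fragmentation-needed error from an arbitrary router. The `-P INPUT DROP` policy, the helper name `pmtu_verdict` and both rule sets are assumptions constructed for illustration; `provider.cable.net` is the placeholder used in the thread.

```shell
#!/bin/sh
# Added example. First-match walk of iptables-save style INPUT rules for one
# packet: ICMP type 3 code 4 (fragmentation-needed) sent by an arbitrary router.
# Simplified model: only -P, -p, -s, --icmp-type, --state and -j are understood.
pmtu_verdict() {   # hypothetical helper name; reads rules on stdin
    awk '
    BEGIN { verdict = "ACCEPT" }                      # built-in default policy
    $1 == "-P" && $2 == "INPUT" { verdict = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
        proto = ""; src = ""; itype = ""; state = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            else if ($i == "-s") src = $(i + 1)
            else if ($i == "--icmp-type") itype = $(i + 1)
            else if ($i == "--state") state = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        if (proto != "" && proto != "icmp") next      # rule is for another protocol
        if (src != "" && src != "0.0.0.0/0") next     # error may come from any hop
        if (state != "" && state !~ /RELATED/) next   # ICMP errors for tracked flows are RELATED
        if (itype != "" && itype !~ /^(3|3\/4|destination-unreachable|fragmentation-needed)$/) next
        if (target == "ACCEPT" || target == "DROP" || target == "REJECT") {
            result = target; exit                     # terminating target: first match wins
        }
    }
    END { print (result != "" ? result : verdict) }
    '
}

# Constructed rule set: the provider-only ping rule, with an assumed DROP policy.
PROVIDER_ONLY='-P INPUT DROP
-A INPUT -p icmp -s provider.cable.net -j ACCEPT'

# Constructed rule set: same, plus fragmentation-needed accepted from anywhere.
WITH_FRAG_NEEDED='-P INPUT DROP
-A INPUT -p icmp --icmp-type fragmentation-needed -j ACCEPT
-A INPUT -p icmp -s provider.cable.net -j ACCEPT'

printf '%s\n' "$PROVIDER_ONLY" | pmtu_verdict      # DROP: path MTU discovery breaks
printf '%s\n' "$WITH_FRAG_NEEDED" | pmtu_verdict   # ACCEPT
```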


