Re: Off Topic: iptables, ping, traceroute
In article <[🔎] 20010716162033.A24224@debian>,
John Patton <patton66@home.com> wrote:
>You could further limit your rules by specifying the source
>address of you cable modem provider, something like:
>
> -A INPUT -p icmp -s provider.cable.net -j ACCEPT
>
>Just figure out from your logs what ip address(es) they use
>for their pings, and then they will be able to ping you as
>they please, but nobody else will be able to.
Just as so long you are not blocking ICMP_DEST_UNREACH (code 3)
since esp. ICMP_FRAG_NEEDED (subcode 4) is essential for the
functioning of the internet at large and there are enough
idiots already who block all ICMP at their routers/firewalls.
See http://www.worldgate.com/~marcs/mtu/
Mike.
--
"dselect has a user interface which scares small children"
-- Theodore Tso, on debian-devel
Reply to: