I have a rule in my firewall's INPUT chain to drop incoming ICMP.
The net result of this is that when I'm testing, and I ping outwards,
the echoes don't come back.
The rule looks like this:
    echo " Dropping ICMP from outside"
    $IPTABLES -A INPUT -i $EXTIF -p icmp -j DROP
    $IPTABLES -A FORWARD -j LOG
On the forward chain I have this:
    echo " FWD: Allow all connections OUT and only existing and related ones IN"
    $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
Can something similar be done for ICMP? i.e. allow echo ICMP packets
back in only if I've pinged somebody?
Regards,
Ed.
--
Edward Dekkers
Triple D Computer Services Pty. Ltd.
http://www.iinet.net.au
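An added example, not part of Ed's post, showing the usual answer to his question: ICMP is tracked by the connection-tracking module just like TCP and UDP (an echo-reply is matched to the echo-request it answers by ICMP id and sequence), so the same "-m state --state ESTABLISHED,RELATED" match used on the FORWARD chain works on INPUT. The rules reuse the $IPTABLES and $EXTIF variables from the post; the defaults below are assumptions for a dry run (IPTABLES set to "echo iptables" just prints the commands instead of loading them). The ACCEPT rule must come before the existing blanket DROP, so the script replaces the original one-line rule with an ACCEPT/DROP pair in that order.

```shell
#!/bin/sh
# Added example (not from the original post). Assumed defaults: set
# IPTABLES=/sbin/iptables and EXTIF=<your external interface> to load
# the rules for real; as written the commands are only printed.
IPTABLES="${IPTABLES:-echo iptables}"
EXTIF="${EXTIF:-eth0}"

# Emit the two INPUT rules that replace the blanket "-p icmp -j DROP".
# Order matters: the ACCEPT has to be appended first so that the DROP
# that follows only sees what the ACCEPT did not already take.
icmp_input_rules() {
    # ESTABLISHED: an echo-reply for a ping this box sent (conntrack saw
    # the outgoing echo-request, so the reply belongs to that "flow").
    # RELATED: ICMP errors (destination-unreachable, time-exceeded,
    # fragmentation-needed for path-MTU discovery) that refer to a TCP
    # or UDP connection conntrack already knows about.
    $IPTABLES -A INPUT -i "$EXTIF" -p icmp \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Everything else arriving from outside, which includes unsolicited
    # echo-requests (other people pinging the firewall), is still dropped.
    $IPTABLES -A INPUT -i "$EXTIF" -p icmp -j DROP
}

# Stricter variant: if only ping replies should get back in, and not the
# RELATED error messages, match the ICMP type as well.
icmp_input_rules_echo_reply_only() {
    $IPTABLES -A INPUT -i "$EXTIF" -p icmp --icmp-type echo-reply \
        -m state --state ESTABLISHED -j ACCEPT
    $IPTABLES -A INPUT -i "$EXTIF" -p icmp -j DROP
}

icmp_input_rules
```

Pings from hosts on the internal network are not affected by INPUT at all: they go through FORWARD, and the existing "ESTABLISHED,RELATED -j ACCEPT" rule on that chain already lets their replies back in. To check the result, ping an outside host from the firewall (replies should now arrive) and then ping the firewall's external address from outside (it should still time out). On current kernels "-m conntrack --ctstate" is the preferred spelling of "-m state --state"; the post's form is kept here because it is what the rest of the script uses.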