|
Home > Archive > alt.os.linux > June 2002 > how block large icmp packets?
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
how block large icmp packets?
|
|
|
| How can I block ICMP fragment packets / Large ICMP packets with pmfirewall
script?
| |
|
| "Matt" < dontspammeokayblah@blahblahbla
hlbah.com> wrote in message news:<FC8S8.3452$Ji6.314802@e3500-atl2.usenetserver.com>...
> How can I block ICMP fragment packets / Large ICMP packets with pmfirewall
> script?
#
#-----INCOMING-------
#
#echo reply (pong)
$IPCHAINS -A input -p icmp --icmp-type 0 -j ACCEPT
#destination unreachable
$IPCHAINS -A input -p icmp --icmp-type 3 -j ACCEPT
#source quench
$IPCHAINS -A input -p icmp --icmp-type 4 -j ACCEPT
#time to live (TTL) for traceroute
$IPCHAINS -A input -p icmp --icmp-type 11 -j ACCEPT
#now deny all other INCOMING icmp packets
$IPCHAINS -A input -p icmp -j DENY -l
#
#-----OUTGOING------
#
#destination unreachable
$IPCHAINS -A output -p icmp --icmp-type 3 -j ACCEPT
#source quench
$IPCHAINS -A output -p icmp --icmp-type 4 -j ACCEPT
#echo request (ping)
$IPCHAINS -A output -p icmp --icmp-type 8 -j ACCEPT
#now deny all other OUTGOING icmp packets
$IPCHAINS -A output -p icmp -j DENY -l
for detailed info STW....
|
|
|
|
|