|
-
March 6th, 2003, 05:08 PM
#1
Junior Member
My ICMP Chain for IPTABLES
Got this from a friend some time ago ... works wonders!
IPT="/sbin/iptables"
$IPT -N ICMP
$IPT -A ICMP -p icmp --icmp-type echo-reply -j ACCEPT
$IPT -A ICMP -p icmp --icmp-type destination-unreachable -j ACCEPT
$IPT -A ICMP -p icmp --icmp-type network-unreachable -j ACCEPT
$IPT -A ICMP -p icmp --icmp-type host-unreachable -j ACCEPT
$IPT -A ICMP -p icmp --icmp-type protocol-unreachable -j ACCEPT
$IPT -A ICMP -p icmp --icmp-type port-unreachable -j ACCEPT
$IPT -A ICMP -p icmp --icmp-type fragmentation-needed -j DROP
$IPT -A ICMP -p icmp --icmp-type source-route-failed -j ACCEPT
$IPT -A ICMP -p icmp --icmp-type network-unknown -j ACCEPT
$IPT -A ICMP -p icmp --icmp-type host-unknown -j ACCEPT
$IPT -A ICMP -p icmp --icmp-type network-prohibited -j ACCEPT
$IPT -A ICMP -p icmp --icmp-type host-prohibited -j ACCEPT
$IPT -A ICMP -p icmp --icmp-type TOS-network-unreachable -j ACCEPT
$IPT -A ICMP -p icmp --icmp-type TOS-host-unreachable -j ACCEPT
$IPT -A ICMP -p icmp --icmp-type communication-prohibited -j ACCEPT
$IPT -A ICMP -p icmp --icmp-type host-precedence-violation -j ACCEPT
$IPT -A ICMP -p icmp --icmp-type precedence-cutoff -j ACCEPT
$IPT -A ICMP -p icmp --icmp-type source-quench -j DROP
$IPT -A ICMP -p icmp --icmp-type redirect -j DROP
$IPT -A ICMP -p icmp --icmp-type network-redirect -j DROP
$IPT -A ICMP -p icmp --icmp-type host-redirect -j DROP
$IPT -A ICMP -p icmp --icmp-type TOS-network-redirect -j DROP
$IPT -A ICMP -p icmp --icmp-type TOS-host-redirect -j DROP
$IPT -A ICMP -p icmp --icmp-type echo-request -j DROP
$IPT -A ICMP -p icmp --icmp-type router-advertisement -j ACCEPT
$IPT -A ICMP -p icmp --icmp-type router-solicitation -j ACCEPT
$IPT -A ICMP -p icmp --icmp-type time-exceeded -j ACCEPT
$IPT -A ICMP -p icmp --icmp-type ttl-zero-during-transit -j ACCEPT
$IPT -A ICMP -p icmp --icmp-type ttl-zero-during-reassembly -j ACCEPT
$IPT -A ICMP -p icmp --icmp-type parameter-problem -j ACCEPT
$IPT -A ICMP -p icmp --icmp-type ip-header-bad -j ACCEPT
$IPT -A ICMP -p icmp --icmp-type required-option-missing -j ACCEPT
$IPT -A ICMP -p icmp --icmp-type timestamp-request -j DROP
$IPT -A ICMP -p icmp --icmp-type timestamp-reply -j ACCEPT
$IPT -A ICMP -p icmp --icmp-type address-mask-request -j DROP
$IPT -A ICMP -p icmp --icmp-type address-mask-reply -j ACCEPT
$IPT -A ICMP -p icmp -j DROP
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote