Answer the question
In order to leave comments, you need to log in
I
I
Ivan Gromov2016-03-15 15:21:25
Ivan Gromov, 2016-03-15 15:21:25
How to disable interface ping?
There are 2 local networks (I'll call them 1 and 2). Between them is a firewall, which has 2 interfaces. It blocks incoming connections from network 1 to network 2, while allowing outgoing messages from network 2 to network 1. But for some reason I can ping the firewall interface for network 2. How to ban it?
The rules for iptables are:
iptables -P FORWARD DROP
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
1 answer(s)
@riivers
Good article on this.
A
Anton Nagaets, 2016-03-15 @riivers
Чтобы запретить ping:
# iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
# iptables -A INPUT -i eth1 -p icmp --icmp-type echo-request -j DROP
Разрешить для определенных сетей / хостов:
# iptables -A INPUT -s 192.168.1.0/24 -p icmp --icmp-type echo-request -j ACCEPT
Разрешить только часть ICMP запросов:
### ** предполагается, что политики по умолчанию для входящих установлены в DROP ** ###
# iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
# iptables -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
# iptables -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT
## ** разрешим отвечать на запрос ** ##
# iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPTGood article on this.
Similar questions
C
A
S
W
O
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question