On 02/12/16 16:12, Gordon Messmer wrote:
It works to prevent internet access
from that ip. However I can still
ping 8.8.8.8
In a very general sense, DROP may be
preferred to REJECT when you are
dealing with protocols other than TCP
or UDP.
For TCP, a firewall can reject a
packet by sending a TCP RST in reply.
However, for all other traffic, an
ICMP message has to be returned for a
rejection. One effect of that is that
you may be replying to ICMP echo
requests with an ICMP message from
your firewall. It could be that what
you're seeing isn't a reply from
8.8.8.8 at all, but a reply from the
firewall.
Try dropping the traffic instead, and
see if that effectively blocks
outbound traffic.
--
.
I will try that. In either case I will
include ICMP if it doesn't.
Bob
--
Bob Goodwin - Zuni, Virginia, USA
http://www.qrz.com/db/W2BOD
box10 FEDORA-23/64bit LINUX XFCE POP3
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
