Re: IPtables block user from outbound ICMP




On 24.02.2016 at 15:42, John Cenile wrote:
Hello,

Is it possible at all to block all users other than root from sending
outbound ICMP packets on an interface?

At the moment we have the following two rules in our IPtables config:

iptables -A OUTPUT -o eth1 -m owner --uid-owner 0 -j ACCEPT
iptables -A OUTPUT -o eth1 -j DROP

But this still allows ICMP for some reason (but *does* block other TCP/UDP
packets, which is what we want, as well as ICMP).

Thanks.

What do you want to achieve by not allowing outbound ICMP traffic?

Are you aware that ICMP has a larger set of different types, several of them required for a functional network?

Alexander


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos


