Re: combining iptables parameters


On Thu, Oct 29, 2009 at 16:57, Robert Spangler <mlists@xxxxxxxxxxxxxxxx> wrote:
> Even simpler;
>
> iptables -A OUTPUT -d $IP1 -j DROP
> iptables -A OUTPUT -d $IP2 -j DROP
>
> This will catch everything; it doesn't matter if it's UDP or TCP or ICMP.

I think you're missing the point of the original question: It's just
an example rule set to illustrate multiple matches. Marcus wanted to
know, generally, whether IPTables supports logical ORing matches
together.

And assuming it is a real-world example: Why would you assume he'd
want to block ICMP, too? I allow ICMP in a lot of rule sets that
forbid just TCP/UDP traffic, so I can check host uptime and link
latency without exposing any listening daemons. My routers use a
similar ruleset, too: They need to be able to talk ICMP with anybody
on the Internet, but not anything else.

-R
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
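
The approach discussed in this thread, as an added example that is not part of the original messages: matches within a single iptables rule are ANDed together, so the "TCP or UDP" and "IP1 or IP2" alternatives are expressed as separate rules around a user-defined chain, which leaves ICMP untouched. The chain name BLOCK_TCPUDP, the gen_rules helper and the 192.0.2.x addresses are assumptions; the script only prints the commands (IPv4 only), so it runs without root.

```shell
#!/bin/sh
# Added example: print iptables commands that drop TCP and UDP, but not ICMP,
# to a list of destination addresses.

CHAIN="BLOCK_TCPUDP"   # hypothetical chain name

gen_rules() {
    # Reject anything that is not a plain IPv4 address or CIDR before
    # emitting a single command, so no partial rule set is produced.
    for ip in "$@"; do
        case "$ip" in
            *[!0-9./]*|"")
                echo "invalid address: $ip" >&2
                return 1
                ;;
        esac
    done

    # The user-defined chain holds the "protocol is TCP OR UDP" alternatives.
    echo "iptables -N $CHAIN"
    for proto in tcp udp; do
        echo "iptables -A $CHAIN -p $proto -j DROP"
    done
    # Everything else, ICMP included, returns to OUTPUT and is evaluated there.
    echo "iptables -A $CHAIN -j RETURN"

    # One jump per destination: the "destination is IP1 OR IP2" alternatives.
    for ip in "$@"; do
        echo "iptables -A OUTPUT -d $ip -j $CHAIN"
    done
}

# Constructed sample destinations from the documentation range (RFC 5737).
gen_rules 192.0.2.10 192.0.2.20
```

Review the printed commands before piping them to a root shell; ICMP to the listed hosts still depends on whatever the rest of the OUTPUT chain and its policy allow.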
