multiple targets

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12/16/03  7:08 PM -0500, igueths at comcast.net wrote:
> Hi all. I think this iis possible according to my interpretation of the
> iptables manpage, however I am not sure. Is it possible to write one rule
> for the input chain to let's say, log all icmp-echo-reply packets, and then
> another rule for the input chain that drops the icmp-echo-reply packets? I
> think this is possible, since as far as I know every packet travels through
> the desired chain (s) until a rule or set of rules is encountered for the
> packet (s)? 

Yes this is possible though I don't see why you want to stop echo
replies instead of echo requests. Here are some example rules.

iptables -A INPUT -p icmp --icmp-type echo-reply -j LOG
iptables -A INPUT -p icmp --icmp-type echo-reply -j DROP

The chain will be traversed until it is accepted, rejected, or dropped
and if none of these happens the policy for the chain will apply. Many
of the example rulesets use a logdrop user defined chain to log then
drop packets.

As always YMMV.

- -- 
Clarke's Corollary:
Any technology distinguishable from magic is insufficiently advanced.
Thomas Stivers	e-mail: stivers_t at tomass.dyndns.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/36kj5JK61UXLur0RAnl+AJ9AU7EF1mFqc8oKQIpBckvBNzWk4gCcCnxh
JbtTBjWykukvNN0XyhFgujw=
=p0r2
-----END PGP SIGNATURE-----




[Index of Archives]     [Linux for the Blind]     [Fedora Discussioin]     [Linux Kernel]     [Yosemite News]     [Big List of Linux Books]
  Powered by Linux