Re: Prevent traceroutes

On Thu, May 19, 2005 at 07:23:14PM -0400, Jason Opperisano wrote:
>   # standard UDP ports used by traceroute
>   iptables -A INPUT -p udp --dport 33434:33523 -j DROP
>   iptables -A FORWARD -p udp --dport 33434:33523 -j DROP
> 
>   # ICMP echo-req's w/ low TTL
>   iptables -A INPUT -p icmp --icmp-type 8 -m ttl --ttl-lt 5 -j DROP
>   iptables -A FORWARD -p icmp --icmp-type 8 -m ttl --ttl-lt 5 -j DROP

looking at that response--there's a situation screaming for a custom
chain:

  iptables -N DROP_TRACE
  iptables -A DROP_TRACE -p udp --dport 33434:33523 -j DROP
  iptables -A DROP_TRACE -p icmp --icmp-type 8 -m ttl --ttl-lt 5 -j DROP

  iptables -A INPUT -j DROP_TRACE
  iptables -A FORWARD -j DROP_TRACE

-j

--
"Announcer: Paw McTucket Beer. If you drink it, hot women will have
 sex in your backyard."
        --Family Guy
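The custom-chain layout from the reply above, as an added example that is not part of the original post: a small POSIX shell script that builds DROP_TRACE idempotently (creating the chain on first run, flushing it on later runs so rules don't pile up) and then hooks it into INPUT and FORWARD. It is dry-run by default and only prints the iptables commands; set DRY_RUN=0 and run it as root to apply them. The port range 33434:33523 and the TTL threshold of 5 are the values from the thread; the function names and the DRY_RUN/CHAIN variables are this example's own. The rules cover exactly the two probe types the thread names (UDP to the traceroute port range and ICMP echo requests with a low TTL); probes sent another way are not matched.

```shell
#!/bin/sh
# Added example (not from the original post): idempotent build of the
# DROP_TRACE chain described in the thread. Dry-run by default.

DRY_RUN="${DRY_RUN:-1}"          # 1 = print commands only, 0 = run iptables
CHAIN="${CHAIN:-DROP_TRACE}"     # chain name from the post
TRACE_PORTS="33434:33523"        # standard UDP ports used by traceroute (from the post)
TTL_MAX="5"                      # drop ICMP echo-requests with ttl < 5 (from the post)

# Run one iptables command, or just print it when dry-running.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

# The two rules that make up the custom chain, one per line.
drop_trace_rules() {
    printf '%s\n' \
      "-A $CHAIN -p udp --dport $TRACE_PORTS -j DROP" \
      "-A $CHAIN -p icmp --icmp-type 8 -m ttl --ttl-lt $TTL_MAX -j DROP"
}

# Create the chain if it does not exist yet; otherwise flush it so that
# re-running the script replaces the rules instead of duplicating them.
ensure_chain() {
    if [ "$DRY_RUN" = 1 ] || ! iptables -L "$CHAIN" -n >/dev/null 2>&1; then
        run -N "$CHAIN"
    else
        run -F "$CHAIN"
    fi
}

# Jump from the two built-in chains the post uses into DROP_TRACE.
# iptables -C (check) avoids adding a second jump on a live system; in
# dry-run mode the jump is always printed.
hook_chain() {
    for builtin in INPUT FORWARD; do
        if [ "$DRY_RUN" = 1 ] || ! iptables -C "$builtin" -j "$CHAIN" 2>/dev/null; then
            run -A "$builtin" -j "$CHAIN"
        fi
    done
}

# Full install: chain, its rules, then the jumps from INPUT and FORWARD.
install_drop_trace() {
    ensure_chain
    drop_trace_rules | while IFS= read -r rule; do
        # $rule is intentionally unquoted so it splits into iptables arguments
        run $rule
    done
    hook_chain
}

install_drop_trace
```

In dry-run mode the script prints five commands: the chain creation, the two DROP rules, and the two jumps. Because a chain must exist before anything can jump to it, the order of the three steps in install_drop_trace matters and is the same order the post uses.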

