Ross Cameron wrote:
Hi there list,...
I need to block all
timestamp-request and
timestamp-reply
On eth0 (Inet facing fast ethernet segment on a multi homed Linux
router) but not on eth1 (LAN facing range).
I don't know how to test this so here's a guess. Hope it works.
Drop requests from the internet:
iptables -A input -p icmp --icmp-type timestamp-request -i eth0 -j DROP
My thought is that if no timestamp requests are accepted no timestamp
replies would be generated. In case that's an invalid assumption you
could also filter the output chain.
...and drop answers to the internet:
iptables -A output -p icmp --icmp-type timestamp-reply -o eth0 -j DROP
Depending on what else you are doing you may need matching rules in your
forward chains, too.
:m)
