Am Thursday, den 28 June hub Ross Cameron folgendes in die Tasten: [filter icmp timestamp-*] > How do you create sub-chains? > I've heard the term before but never found an example that uses it. This is a simple task: iptables -N yourChainName For your problem: iptables -N icmp_timestamp iptables -A icmp_timestamp -p icmp --icmp-type timestamp-request -j REJECT --reject-with icmp-admin-prohibited iptables -A icmp_timestamp -p icmp --icmp-type timestamp-reply -j REJECT --reject-with icmp-admin-prohibited iptables -A INPUT -i eth0 -p icmp -j icmp_timestamp iptables -A OUTPUT -o eth0 -p icmp -j icmp_timestamp (The interesting question here might be if it is wise to put these two simple rules in a subchain when thinking about rule processing speed.) HTH Ciao Max -- Follow the white penguin.
