Re: How to block ping?


 



Thanks. Do you know any GUI front end for iptables? After I have done the configuration, it can
automatically write to /etc/sysconfig/iptables. If so, it is great! I know a package called 'firestarter', but it
seems that it doesn't write to /etc/sysconfig/iptables. It creates its own directory /etc/firestarter. This is
what I don't want. Anyway, I will follow your link and try to learn some iptable rules.


Another question is: why do you have '[0:0]' before each line? This doesn't look correct.


Ding


mgalgoci@xxxxxxxxxx wrote:

On Wed, 5 Nov 2003, Ding Li wrote:


Could someone tell me how to block pings in redhat 9.0? I know I should put a line in /etc/sysconfig/iptables. But I don't know what the line looks like. :(


Be careful about blocking all of icmp. If you do not allow icmp types 3 and 4
you will break pmtu discovery and you will experience weird problems reaching other networks.


You probably want something like:

[0:0] -A INPUT -p icmp -m icmp --icmp-type 3/4 -j ACCEPT
[0:0] -A INPUT -p icmp -m icmp -j DROP

But if you are asking these sorts of questions then you _really_ should go and read
and understand the iptables howto:


http://www.netfilter.org/unreliable-guides/packet-filtering-HOWTO/index.html

Alternately, referring to the iptables man page isn't a bad idea either.
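
An added example, not part of either post: the '[0:0]' prefix is the [packets:bytes] counter pair that the iptables-save file format (the format of /etc/sysconfig/iptables) may carry in front of each rule. The sketch below parses such lines and reports which unconditional rule decides the fate of ICMP type 3 code 4 (fragmentation needed), the message path MTU discovery depends on. The function names and the sample ruleset are constructed for illustration.

```python
import re
import shlex

# Constructed sample in iptables-save format, as stored in /etc/sysconfig/iptables.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
[0:0] -A INPUT -p icmp -m icmp --icmp-type 3/4 -j ACCEPT
[0:0] -A INPUT -p icmp -m icmp -j DROP
COMMIT
"""

RULE = re.compile(r"^(?:\[(\d+):(\d+)\]\s+)?-A\s+(\S+)\s+(.+)$")
FRAG_NEEDED = {"3/4", "fragmentation-needed", "3", "destination-unreachable"}


def take(args, name):
    """Remove option `name` and its value from args; return the value or None."""
    if name in args[:-1]:
        i = args.index(name)
        del args[i]
        return args.pop(i)
    return None


def parse_rules(text):
    """Yield (chain, counters, proto, icmp_type, target, extra) per -A line."""
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue  # table name, chain policy, COMMIT, comments
        pkts, nbytes, chain, rest = m.groups()
        # The optional [packets:bytes] prefix is a counter pair, not a match.
        counters = (int(pkts), int(nbytes)) if pkts is not None else None
        args = shlex.split(rest)
        proto, _, _ = take(args, "-p"), take(args, "-m"), take(args, "--reject-with")
        icmp_type, target = take(args, "--icmp-type"), take(args, "-j")
        yield chain, counters, proto, icmp_type, target, args


def frag_needed_verdict(text, chain="INPUT"):
    """First unconditional rule that decides ICMP type 3 code 4, or None."""
    for ch, _, proto, icmp_type, target, extra in parse_rules(text):
        if ch != chain or extra or proto not in (None, "icmp", "all"):
            continue  # other chain, extra conditions, or another protocol
        if icmp_type in FRAG_NEEDED | {None} and target in ("ACCEPT", "DROP", "REJECT"):
            return target
    return None  # falls through to the chain policy, not evaluated here
```

A result of "DROP" or "REJECT" means the ruleset discards fragmentation-needed messages before anything accepts them; rules with extra conditions (interface, source address, state) are skipped rather than evaluated.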




