On Sun, 20 Feb 2005 20:35:59 -0800 (PST), Shiraz Baig wrote:
> Sir,
> I am trying to see the working of iptables. I read the
> relevant HOWTOs and tried an experiment to get an icmp
> packet rejected. This experiment is from one of the
> HOWTOs. But my experiment has not succeeded.
>
> Could someone tell me why my ICMP packet was not
> rejected in spite of the fact that rules show that it
> should be rejected.

> Step 2:
> I checked the rules to make sure the above fact.
> #iptables -L
> I got the response:
> --------- response ----------
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
>
> RH-Lokkit-0-50-INPUT all -- anywhere
> anywhere
> ................ remaining skipped ............

You skipped all but the relevant line:

RH-Lokkit-0-50-INPUT all -- anywhere anywhere

List your rules again, this time with the "iptables-save" command. For most iptables users it is much more readable.

Notice how the INPUT chain jumps into the user-defined RH-Lokkit-0-50-INPUT chain where all packets on loopback device are accepted.

> Step 3:
> Now I gave a command to deny the icmp proto packets.
> # iptables -A INPUT -s 127.0.0.1 -p icmp -j REJECT

Use -I, not -A, so this rule is _inserted_ at the beginning of the INPUT chain.
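Added example, not part of the original thread: a small first-match model of the chain traversal described in the reply, showing why the appended REJECT rule is never reached and the inserted one is. The Lokkit loopback rule (`-i lo -j ACCEPT`), the packet fields and all function names are assumptions made for illustration.

```python
import shlex

# Constructed ruleset in iptables-save syntax. Assumption: the Lokkit chain's
# loopback rule reads "-i lo -j ACCEPT" (the post skipped that part of the output).
BASE = """\
-A INPUT -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
"""
REJECT_RULE = "INPUT -s 127.0.0.1 -p icmp -j REJECT"  # the rule from Step 3
TERMINAL = {"ACCEPT", "REJECT", "DROP"}
MATCH_KEYS = {"-i": "iface", "-s": "src", "-p": "proto"}  # only the matches used here

def parse(text):
    """Return {chain: [(matches, target), ...]}; -A appends, -I inserts at the head."""
    chains = {}
    for line in text.splitlines():
        tok = shlex.split(line)
        op, chain, rest = tok[0], tok[1], tok[2:]
        opts = dict(zip(rest[0::2], rest[1::2]))
        target = opts.pop("-j")
        rule = ({MATCH_KEYS[k]: v for k, v in opts.items()}, target)
        rules = chains.setdefault(chain, [])
        if op == "-I":
            rules.insert(0, rule)
        else:
            rules.append(rule)
    return chains

def verdict(chains, packet, chain="INPUT", policy="ACCEPT"):
    """Walk rules in order; the first terminal target that matches decides."""
    def walk(name):
        for matches, target in chains.get(name, []):
            if all(packet.get(k) == v for k, v in matches.items()):
                if target in TERMINAL:
                    return target
                result = walk(target)  # jump into a user-defined chain
                if result:
                    return result
        return None  # end of chain: return to the calling chain
    return walk(chain) or policy

PING = {"iface": "lo", "src": "127.0.0.1", "proto": "icmp"}  # ping to localhost

def compare():
    """Verdict for PING with the REJECT rule appended (-A) vs inserted (-I)."""
    appended = verdict(parse(BASE + "-A " + REJECT_RULE), PING)
    inserted = verdict(parse(BASE + "-I " + REJECT_RULE), PING)
    return appended, inserted

print(compare())  # ('ACCEPT', 'REJECT')
```

On a live system the same ordering can be read from `iptables-save` output, where rules appear in evaluation order within each chain.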